在Linux系统中给iptables规则添加注释的教程
程序员文章站
2023-11-02 22:00:52
这篇文章主要介绍了在Linux系统中给iptables规则添加注释的教程, iptables是Linux 内核集成的IP信息包过滤系统,需要的朋友可以参考下... 15-06-26...
给iptables规则添加注释,以此给你的老板和同事一个好印象。方法如下:
什么是iptables的注释呢?
iptables的注释一般使用在每条规则的后面,注释一般用 /* */ 包住。(具体的见下面的iptables规则中的注释 /* allow ssh to this host from anywhere */ )
复制代码
代码如下:$ sudo iptables -l
chain input (policy drop)
target prot opt source destination
accept all -- anywhere anywhere state related,established /* allow inbound traffic for established and related connections */
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
accept tcp -- anywhere anywhere tcp dpt:ssh /* allow ssh to this host from anywhere */
accept udp -- anywhere anywhere udp dpt:route /* allow incoming rip on the internal interface */
accept all -- localhost localhost /* allow any local-only traffic */
accept ipv6 -- tserv2.ash1.he.net anywhere /* allow ipv6 tunnel traffic from he */
accept icmp -- anywhere anywhere /* allow icmp traffic to this host from anywhere */</p> <p> chain forward (policy drop)
target prot opt source destination
accept all -- anywhere anywhere state related,established /* allow inbound traffic for established and related connections */
accept all -- anywhere anywhere /* allow all internet bound traffic from the internal network */
accept icmp -- anywhere anywhere /* forward any icmp traffic */</p> <p> chain output (policy accept)
target prot opt source destination</p> <p> chain fail2ban-ssh (1 references)
target prot opt source destination
return all -- anywhere anywhere
chain input (policy drop)
target prot opt source destination
accept all -- anywhere anywhere state related,established /* allow inbound traffic for established and related connections */
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
accept tcp -- anywhere anywhere tcp dpt:ssh /* allow ssh to this host from anywhere */
accept udp -- anywhere anywhere udp dpt:route /* allow incoming rip on the internal interface */
accept all -- localhost localhost /* allow any local-only traffic */
accept ipv6 -- tserv2.ash1.he.net anywhere /* allow ipv6 tunnel traffic from he */
accept icmp -- anywhere anywhere /* allow icmp traffic to this host from anywhere */</p> <p> chain forward (policy drop)
target prot opt source destination
accept all -- anywhere anywhere state related,established /* allow inbound traffic for established and related connections */
accept all -- anywhere anywhere /* allow all internet bound traffic from the internal network */
accept icmp -- anywhere anywhere /* forward any icmp traffic */</p> <p> chain output (policy accept)
target prot opt source destination</p> <p> chain fail2ban-ssh (1 references)
target prot opt source destination
return all -- anywhere anywhere
为新的iptables规则添加注释
为新的iptables规则添加注释的语法为 : comment --comment “要添加的注释文字”
具体的例子:下面添加一条允许ssh流量通过的规则,并且给这条规则添加注释:
复制代码
代码如下:$ sudo iptables -a input -p tcp -m tcp --dport 22 -m comment --comment "allow ssh to this host from anywhere" -j accept
然后用 -l 列出规则,就会看到刚才添加的规则和下面的一样:
复制代码
代码如下:$ sudo iptables -l</p>
<p>accept tcp -- anywhere anywhere tcp dpt:ssh /* allow ssh to this host from anywhere */
教程完!
上一篇: 轻松建站的几个软件 你知道几个
下一篇: 做什么类型的网站有价值呢?