From Internet articles; updated from time to time.
route
route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.4.4.62
route del -net 10.0.0.0 netmask 255.0.0.0 gw 10.4.4.62
route add default gw 172.16.130.22
route del default gw 172.16.130.22
route -n
iptables
1. View
iptables -nvL --line-number
-L  List all rules in the current table. The filter table is shown by default; to view the NAT table, add -t nat.
-n  Do not perform reverse lookups on IP addresses; with this option the output is displayed much faster.
-v  Output detailed information, including the number of packets matched by each rule, the total number of bytes, and the corresponding network interface.
--line-number  Display the sequence number of each rule (the full option name is --line-numbers); this number is needed when deleting or modifying rules.
2. Add
There are two options for adding a rule: -A and -I. -A appends the rule to the end of the chain; -I inserts it at a specified position, and if no position is specified, the rule is inserted at the head of the chain.
Current rules:
[root@test ~]# iptables -nL --line-number
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  192.168.1.1          0.0.0.0/0
2    DROP       all  --  192.168.1.2          0.0.0.0/0
3    DROP       all  --  192.168.1.4          0.0.0.0/0
Append a rule to the end:
[root@test ~]# iptables -A INPUT -s 192.168.1.5 -j DROP
Insert a rule at the third line; the line number is written directly after the chain name:
[root@test ~]# iptables -I INPUT 3 -s 192.168.1.3 -j DROP
View:
[root@test ~]# iptables -nL --line-number
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  192.168.1.1          0.0.0.0/0
2    DROP       all  --  192.168.1.2          0.0.0.0/0
3    DROP       all  --  192.168.1.3          0.0.0.0/0
4    DROP       all  --  192.168.1.4          0.0.0.0/0
5    DROP       all  --  192.168.1.5          0.0.0.0/0
You can see that 192.168.1.3 was inserted at the third line, and the original third line, 192.168.1.4, became the fourth line.
3. Delete
Use the -D option to delete a rule.
Delete the rule added earlier (iptables -A INPUT -s 192.168.1.5 -j DROP):
[root@test ~]# iptables -D INPUT -s 192.168.1.5 -j DROP
Sometimes the rule to delete is very long; typing it out in full wastes time and is error-prone. In that case, first use --line-number to find the rule's line number, then delete the rule by line number.
[root@test ~]# iptables -nv --line-number
iptables v1.4.7: no command specified
Try `iptables -h' or 'iptables --help' for more information.
[root@test ~]# iptables -nL --line-number
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  192.168.1.1          0.0.0.0/0
2    DROP       all  --  192.168.1.2          0.0.0.0/0
3    DROP       all  --  192.168.1.3          0.0.0.0/0
Delete the second rule:
[root@test ~]# iptables -D INPUT 2
4. Modify
Use the -R option to modify a rule.
Look at the current rules:
[root@test ~]# iptables -nL --line-number
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  192.168.1.1          0.0.0.0/0
2    DROP       all  --  192.168.1.2          0.0.0.0/0
3    DROP       all  --  192.168.1.5          0.0.0.0/0
Change the third rule to ACCEPT:
[root@test ~]# iptables -R INPUT 3 -j ACCEPT
View:
[root@test ~]# iptables -nL --line-number
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  192.168.1.1          0.0.0.0/0
2    DROP       all  --  192.168.1.2          0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
The target of the third rule has been changed to ACCEPT. Note that -R replaces the entire rule, not just its target: because -s was not repeated in the command, the source in the listing is now 0.0.0.0/0, so the rule accepts traffic from any address.
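The delete-by-line-number procedure in section 3 and the result of -R in section 4, as an added shell example that is not part of the original article: it reads a listing in the `iptables -nL --line-number` format, prints the -D commands for every rule from a given source in descending order (each deletion renumbers the rules after it), and flags rules that accept everything. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Constructed sample in the format printed by `iptables -nL INPUT --line-number`
# (non-verbose: num target prot opt source destination [extra matches]).
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  192.168.1.1          0.0.0.0/0
2    DROP       all  --  192.168.1.2          0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    DROP       all  --  192.168.1.4          0.0.0.0/0
5    DROP       all  --  192.168.1.2          0.0.0.0/0
EOF
}

# Read a listing on stdin; print the numbers of rules whose source equals $1.
rule_nums_for_source() {
    awk -v src="$1" '$1 ~ /^[0-9]+$/ && $5 == src { print $1 }'
}

# Read a listing on stdin; print "iptables -D <chain> <num>" for every rule
# with source $2 in chain $1, highest number first. Deleting rule N shifts
# every later rule up by one, so ascending order would remove the wrong rule.
delete_cmds_for_source() {
    rule_nums_for_source "$2" | sort -rn | while read -r n; do
        echo "iptables -D $1 $n"
    done
}

# Read a listing on stdin; print the numbers of rules that ACCEPT all
# protocols from any source to any destination with no extra match shown.
# This is the state left behind by `iptables -R INPUT 3 -j ACCEPT`.
accept_all_rules() {
    awk '$1 ~ /^[0-9]+$/ && NF == 6 && $2 == "ACCEPT" && $3 == "all" &&
         $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0" { print $1 }'
}

# Demo on the constructed listing (commands are printed, not executed).
sample_listing | delete_cmds_for_source INPUT 192.168.1.2
sample_listing | accept_all_rules
```

The non-verbose listing does not show interface matches, so a flagged rule may be restricted by -i or -o; check it against `iptables -S` before treating it as accept-all.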