Command options:
Rule management:
-A CHAIN: append a rule at the tail of the chain
-I CHAIN [num]: insert a rule as rule number num of CHAIN (first position if num is omitted)
-D CHAIN [num]: delete rule number num of the specified chain
for example: iptables -D OUTPUT 2
-R CHAIN [num]: replace the specified rule
Chain management:
-F [CHAIN]: flush (empty) the rules of chain CHAIN; if CHAIN is omitted, every chain of the corresponding table is flushed
-P CHAIN: set the default policy of the specified chain
-N: create a new, empty custom chain
-X: delete an empty custom chain
-Z: zero the counters of all rules in the specified chain
-E: rename a custom chain
View options:
-L: list the rules of the specified table
-n: display host addresses and port numbers in numeric form (no DNS or service-name lookups)
-v: show detailed information about chains and rules
-vv: even more verbose output
-x: display exact counter values (no rounding to K/M/G)
--line-numbers: display rule numbers
Targets (-j):
ACCEPT: let the packet through
DROP: discard the packet silently
REJECT: discard the packet and send an error reply
DNAT: destination address translation
SNAT: source address translation
REDIRECT: port redirection
MASQUERADE: source address masquerading
LOG: log the packet
MARK: mark the packet
Example:
# iptables -N clean_in
# iptables -A clean_in -d 255.255.255.255 -p icmp -j DROP
# iptables -A clean_in -d 172.16.255.255 -p icmp -j DROP
# iptables -A clean_in -p tcp ! --syn -m state --state NEW -j DROP
# iptables -A clean_in -p tcp --tcp-flags ALL ALL -j DROP
# iptables -A clean_in -p tcp --tcp-flags ALL NONE -j DROP
# iptables -A clean_in -d 172.16.100.7 -j RETURN
# iptables -A INPUT -d 172.16.100.7 -j clean_in
# iptables -A INPUT -i lo -j ACCEPT
# iptables -A OUTPUT -o lo -j ACCEPT
# iptables -A INPUT -i eth0 -m multiport -p tcp --dports 53,113,135,137,139,445 -j DROP
# iptables -A INPUT -i eth0 -m multiport -p udp --dports 53,113,135,137,139,445 -j DROP
# iptables -A INPUT -i eth0 -p udp --dport 1026 -j DROP
# iptables -A INPUT -i eth0 -m multiport -p tcp --dports 1433,4899 -j DROP
# iptables -A INPUT -p icmp -m limit --limit 10/second -j ACCEPT
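The clean_in chain above relies on iptables' --tcp-flags MASK COMP semantics and on --syn being shorthand for --tcp-flags SYN,RST,ACK,FIN SYN. The following is an added example, not code from the original page: a small Python model of that chain, run over constructed sample packets, that shows which sanity rule a packet trips and why rule order matters (a NEW packet with all flags or no flags set is caught by the "! --syn" rule before the ALL ALL / ALL NONE rules ever see it).

```python
# Added example (not from the original page): model of the clean_in chain.
# Packets are constructed dicts; no real firewall is touched.
ALL = frozenset({"FIN", "SYN", "RST", "PSH", "ACK", "URG"})  # iptables' "ALL"
NONE = frozenset()

def tcp_flags_match(pkt_flags, mask, comp):
    """--tcp-flags MASK COMP: among the flags in MASK, exactly COMP must be set."""
    return frozenset(pkt_flags) & mask == comp

def is_syn(pkt):
    """--syn is shorthand for --tcp-flags SYN,RST,ACK,FIN SYN."""
    return tcp_flags_match(pkt["flags"], frozenset({"SYN", "RST", "ACK", "FIN"}),
                           frozenset({"SYN"}))

def tcp(pkt):
    return pkt["proto"] == "tcp"

# (rule as written on the page, match predicate, target), in chain order
CLEAN_IN = [
    ("-d 255.255.255.255 -p icmp", lambda p: p["proto"] == "icmp" and p["dst"] == "255.255.255.255", "DROP"),
    ("-d 172.16.255.255 -p icmp", lambda p: p["proto"] == "icmp" and p["dst"] == "172.16.255.255", "DROP"),
    ("-p tcp ! --syn -m state --state NEW", lambda p: tcp(p) and p["state"] == "NEW" and not is_syn(p), "DROP"),
    ("-p tcp --tcp-flags ALL ALL", lambda p: tcp(p) and tcp_flags_match(p["flags"], ALL, ALL), "DROP"),
    ("-p tcp --tcp-flags ALL NONE", lambda p: tcp(p) and tcp_flags_match(p["flags"], ALL, NONE), "DROP"),
    ("-d 172.16.100.7", lambda p: p["dst"] == "172.16.100.7", "RETURN"),
]

def clean_in(pkt):
    """Walk the user chain; the first matching rule decides. Falling off the
    end of a user chain behaves like RETURN to the calling chain (INPUT here)."""
    for rule, match, target in CLEAN_IN:
        if match(pkt):
            return target, rule
    return "RETURN", "(end of chain)"

def packet(proto, dst, flags=(), state="NEW"):
    """Constructed sample packet; 'state' stands in for the conntrack state."""
    return {"proto": proto, "dst": dst, "flags": frozenset(flags), "state": state}

if __name__ == "__main__":
    samples = (
        packet("tcp", "172.16.100.7", {"SYN"}),                        # normal handshake start
        packet("tcp", "172.16.100.7", {"ACK"}),                        # NEW connection without SYN
        packet("tcp", "172.16.100.7", ALL, state="ESTABLISHED"),       # every flag set
        packet("tcp", "172.16.100.7", (), state="ESTABLISHED"),        # no flag set
        packet("icmp", "255.255.255.255"),                             # ICMP to broadcast
    )
    for p in samples:
        print(p["proto"], sorted(p["flags"]), p["state"], "->", clean_in(p))
```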