本篇内容主要讲解“在Linux系统中怎么给iptables规则添加注释”,感兴趣的朋友不妨来看看。本文介绍的方法操作简单快捷,实用性强。下面就让小编来带大家学习“在Linux系统中怎么给iptables规则添加注释”吧!
给iptables规则添加注释,以此给你的老板和同事一个好印象。方法如下:
什么是iptables的注释呢?
iptables的注释一般使用在每条规则的后面,注释一般用 /* */ 包住。(具体的见下面的iptables规则中的注释 /* allow SSH to this host from anywhere */ )
代码如下:
$ sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all — anywhere anywhere state RELATED,ESTABLISHED /* allow inbound traffic for established and related connections */
fail2ban-ssh tcp — anywhere anywhere multiport dports ssh
ACCEPT tcp — anywhere anywhere tcp dpt:ssh /* allow SSH to this host from anywhere */
ACCEPT udp — anywhere anywhere udp dpt:route /* allow incoming RIP on the internal interface */
ACCEPT all — localhost localhost /* allow any local-only traffic */
ACCEPT ipv6 — tserv2.ash2.he.net anywhere /* allow IPv6 tunnel traffic from HE */
ACCEPT icmp — anywhere anywhere /* allow ICMP traffic to this host from anywhere */</p>
<p> Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all — anywhere anywhere state RELATED,ESTABLISHED /* allow inbound traffic for established and related connections */
ACCEPT all — anywhere anywhere /* allow all Internet bound traffic from the internal network */
ACCEPT icmp — anywhere anywhere /* forward any ICMP traffic */</p>
<p> Chain OUTPUT (policy ACCEPT)
target prot opt source destination</p>
<p> Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all — anywhere anywhere
为新的iptables规则添加注释
为新的iptables规则添加注释的语法为 : comment –comment “要添加的注释文字”
具体的例子:下面添加一条允许ssh流量通过的规则,并且给这条规则添加注释:
代码如下:
$ sudo iptables -A INPUT -p tcp -m tcp –dport 22 -m comment –comment "allow SSH to this host from anywhere" -j ACCEPT
然后用 -L 列出规则,就会看到刚才添加的规则和下面的一样:
代码如下:
$ sudo iptables -L</p>
<p>ACCEPT tcp — anywhere anywhere tcp dpt:ssh /* allow SSH to this host from anywhere */
到此,相信大家对“在Linux系统中怎么给iptables规则添加注释”有了更深的了解,不妨来实际操作一番吧!这里是云网站,更多相关内容可以进入相关频道进行查询,关注我们,继续学习!
评论前必须登录!
注册