If I run iptables -L to list all the rules in iptables, it randomly hangs on different IP addresses before continuing to print the list. It hangs for a few seconds, each time on a different IP address. My general rules are below; after those I have a few local IPs and some allowed remote IPs. Am I forgetting a rule related to lookups?
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT udp -- anywhere anywhere udp dpt:25
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
lar*_*sks 13
The iptables command will try to do a reverse lookup on the IP addresses. That produces the behavior you describe. You can suppress the reverse lookups with the -n flag, which is why I always list rules like this:
iptables -vnL
This fact and many other useful tidbits can be found in the iptables man page. The relevant section on -n reads as follows:
-L, --list [chain]
List all rules in the selected chain. If no chain is selected, all chains
are listed. Like every other iptables command, it applies to the specified
table (filter is the default), so NAT rules get listed by
iptables -t nat -n -L
Please note that it is often used with the -n option, in order to avoid
long reverse DNS lookups. It is legal to specify the -Z (zero) option as
well, in which case the chain(s) will be atomically listed and zeroed. The
exact output is affected by the other arguments given. The exact rules are
suppressed until you use
iptables -L -v
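An added example, not code from the original answer, that applies the advice above the way a defender reviewing rules usually wants it: list the chain numerically so no PTR query can stall the listing, then resolve only the addresses of interest afterwards with a bounded wait. The sample listing is constructed (RFC 5737 documentation addresses) to look like `iptables -vnL OUTPUT` output; the helper names are mine.

```shell
#!/bin/sh
# Added example (not from the original post): numeric listing first,
# reverse lookups later, one at a time and with a timeout.

# Constructed sample of what `iptables -vnL OUTPUT` prints: with -n every
# address stays numeric, so the listing itself never waits on DNS.
SAMPLE_LISTING='Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   720 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.0.2.25           tcp dpt:25
    3   180 ACCEPT     udp  --  *      *       0.0.0.0/0            198.51.100.53        udp dpt:53
  100  6000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED'

# Print the distinct, non-wildcard source/destination addresses found in a
# numeric -v listing. Rule lines start with a packet counter (-v may print
# it with a K/M/G suffix); columns 8 and 9 are source and destination.
rule_addresses() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^[0-9]+[KMG]?$/ {
            for (i = 8; i <= 9; i++)
                if ($i != "0.0.0.0/0" && $i != "::/0") print $i
        }' | sort -u
}

# Resolve one address with a bounded wait; prints the PTR name or "-".
# timeout(1) from coreutils keeps a dead resolver from blocking us.
resolve_with_timeout() {
    name=$(timeout 2 getent hosts "$1" 2>/dev/null | awk '{ print $2 }')
    printf '%s\n' "${name:--}"
}

# Real usage (root and iptables required): the listing returns immediately,
# and only the addresses pulled out of it are ever looked up.
if [ "$(id -u)" -eq 0 ] && command -v iptables >/dev/null 2>&1; then
    listing=$(iptables -vnL OUTPUT 2>/dev/null)
    for addr in $(rule_addresses "$listing"); do
        printf '%-20s %s\n' "$addr" "$(resolve_with_timeout "$addr")"
    done
fi
```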