xji*_*xji 2 networking firewall iptables
帮助信息似乎不是很丰富:
--list -L [chain [rulenum]]
List the rules in a chain or all chains
--list-rules -S [chain [rulenum]]
Print the rules in a chain or all chains
唯一的区别在于单词的选择:“列表”与“打印”。
手册更详细一点,但仍然没有帮助:
-L, --list [chain]
List all rules in the selected chain. If no chain is selected, all chains are listed. Like every other iptables command, it applies to the specified table (filter is the default), so NAT
rules get listed by
iptables -t nat -n -L
Please note that it is often used with the -n option, in order to avoid long reverse DNS lookups. It is legal to specify the -Z (zero) option as well, in which case the chain(s) will be atom?
ically listed and zeroed. The exact output is affected by the other arguments given. The exact rules are suppressed until you use
iptables -L -v
-S, --list-rules [chain]
Print all rules in the selected chain. If no chain is selected, all chains are printed like iptables-save. Like every other iptables command, it applies to the specified table (filter is the
default).
在我看来,这-S实际上更详细,并打印出我通过--dports参数允许的确切端口。但为什么会这样呢?我不认为“打印”这个词会自动暗示比“列表”更高级别的细节?
小智 6
不同之处在于输出格式。该-S选项以 的方式产生iptables-save。这可以与iptables-apply,重用iptables-restore。(查看他们的man页面条目以获取详细信息。)因此您可以将差异视为:
-L 仅供参考,以了解那里的内容-S 用于可重用输出,用于机器解析如果您认为该-S选项提供了更多详细信息,那么您应该结合 学习其他iptables提供更多详细信息的参数-L。