How to get all iptables rules


I am trying to view a list of all the rules in iptables on a Debian 7 server. When I try:

iptables -L -n

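I only get one rule (the one I entered 5 minutes ago).

I have plenty of other ports; port 80, mysql and other ports all work, but I can't see them anywhere.

Any idea how to do this? Thanks

/* EDIT */

I am adding some output I got from different commands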

iptables -t nat -L -n

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

When I try

iptables -L -v -n --line-n

Chain INPUT (policy ACCEPT 43535 packets, 58M bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      126 56529 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp spt:443 state ESTABLISHED

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 30151 packets, 7365K bytes)
num   pkts bytes target     prot opt in     out     source               destination


iptables-save


# Generated by iptables-save v1.4.14 on Thu Oct 23 08:58:32 2014
*raw
:PREROUTING ACCEPT [17972:25607074]
:OUTPUT ACCEPT [12416:1953400]
COMMIT
# Completed on Thu Oct 23 08:58:32 2014
# Generated by iptables-save v1.4.14 on Thu Oct 23 08:58:32 2014
*mangle
:PREROUTING ACCEPT [19071:27028289]
:INPUT ACCEPT [19071:27028289]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [13114:2110189]
:POSTROUTING ACCEPT [13114:2110189]
COMMIT
# Completed on Thu Oct 23 08:58:32 2014
# Generated by iptables-save v1.4.14 on Thu Oct 23 08:58:32 2014
*security
:INPUT ACCEPT [19514:27565428]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [13405:2178341]
COMMIT
# Completed on Thu Oct 23 08:58:32 2014
# Generated by iptables-save v1.4.14 on Thu Oct 23 08:58:32 2014
*nat
:PREROUTING ACCEPT [141:11461]
:INPUT ACCEPT [141:11461]
:OUTPUT ACCEPT [11:1030]
:POSTROUTING ACCEPT [11:1030]
COMMIT
# Completed on Thu Oct 23 08:58:32 2014
# Generated by iptables-save v1.4.14 on Thu Oct 23 08:58:32 2014
*filter
:INPUT ACCEPT [43596:58181078]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [30216:7394285]
-A INPUT -i eth0 -p tcp -m tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
COMMIT
# Completed on Thu Oct 23 08:58:32 2014

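Answer 1

Netfilter encourages using the iptables-save command, because it gives you a detailed view of both the built-in chains and the chains you have defined yourself. If you want a human-readable view, you can use iptables -L -v -n --line-n

Answer 2

Your command only lists the default filter table. There are five tables in total: filter, nat, mangle, raw, security. These can be selected with the -t option: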

iptables -t nat -L -n
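
Added example, not part of any answer on this page: a shell function that reads iptables-save output (which covers every table in one pass) and prints each chain's policy and rule count. The sample ruleset is constructed, abridged from the dump in the question; the SSH_LIMIT chain and the two rules that use it are hypothetical.

```shell
#!/bin/sh
# Added example: summarise iptables-save output per table and chain.
# Live use (needs root): iptables-save | summarize_ruleset

summarize_ruleset() {
    awk '
        /^\*/ { table = substr($0, 2); next }       # "*filter" opens a table
        /^:/  {                                     # ":INPUT ACCEPT [pkts:bytes]"
            key = table SUBSEP substr($1, 2)
            order[++n] = key
            policy[key] = $2                        # "-" marks a user-defined chain
            rules[key] = 0
            next
        }
        /^-A / { rules[table SUBSEP $2]++; next }   # each "-A CHAIN ..." is one rule
        END {
            for (i = 1; i <= n; i++) {
                split(order[i], p, SUBSEP)
                printf "%s %s policy=%s rules=%d\n", p[1], p[2], policy[order[i]], rules[order[i]]
            }
        }
    '
}

# Constructed sample input (abridged from the question; SSH_LIMIT is hypothetical).
sample_ruleset() {
    cat <<'EOF'
# Generated by iptables-save v1.4.14
*nat
:PREROUTING ACCEPT [141:11461]
:POSTROUTING ACCEPT [11:1030]
COMMIT
*filter
:INPUT ACCEPT [43596:58181078]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [30216:7394285]
:SSH_LIMIT - [0:0]
-A INPUT -i eth0 -p tcp -m tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j SSH_LIMIT
-A SSH_LIMIT -j ACCEPT
COMMIT
EOF
}

sample_ruleset | summarize_ruleset
```

A chain that shows policy=ACCEPT accepts any packet that no rule matches, so services can be reachable without a rule of their own appearing in the listing.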

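Answer 3

Here is an alias I put in my ~/.bashrc (fw means "firewall", which is descriptive enough for me; you can change it if you like):

Set up /etc/sudoers to allow you to run the iptables command without a password, or just run it as root.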

alias fw='clear ; sudo iptables --line-numbers -nvL ; echo ; echo '\''nat:'\'' ; echo ; sudo iptables -t nat --line-numbers -nvL ; echo ; echo '\''mangle:'\'' ; echo ; sudo iptables --line-numbers -t mangle -nvL'
