I am trying to see the list of all rules in iptables on a Debian 7 server. When I try:
iptables -L -n
I only get one rule (the one I entered 5 minutes ago).
I have many other ports open as well; port 80, mysql and other ports all work, but I cannot see them anywhere.
Any idea how to do this? Thanks
/* EDIT */
I am adding some output I get from different commands:
iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
When I try
iptables -L -v -n --line-n
Chain INPUT (policy ACCEPT 43535 packets, 58M bytes)
num pkts bytes target prot opt in out source destination
1 126 56529 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp spt:443 state ESTABLISHED
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 30151 packets, 7365K bytes)
num pkts bytes target prot opt in out source destination
iptables-save
# Generated by iptables-save v1.4.14 on Thu Oct 23 08:58:32 2014
*raw
:PREROUTING ACCEPT [17972:25607074]
:OUTPUT ACCEPT [12416:1953400]
COMMIT
# Completed on Thu Oct 23 08:58:32 2014
# Generated by iptables-save v1.4.14 on Thu Oct 23 08:58:32 2014
*mangle
:PREROUTING ACCEPT [19071:27028289]
:INPUT ACCEPT [19071:27028289]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [13114:2110189]
:POSTROUTING ACCEPT [13114:2110189]
COMMIT
# Completed on Thu Oct 23 08:58:32 2014
# Generated by iptables-save v1.4.14 on Thu Oct 23 08:58:32 2014
*security
:INPUT ACCEPT [19514:27565428]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [13405:2178341]
COMMIT
# Completed on Thu Oct 23 08:58:32 2014
# Generated by iptables-save v1.4.14 on Thu Oct 23 08:58:32 2014
*nat
:PREROUTING ACCEPT [141:11461]
:INPUT ACCEPT [141:11461]
:OUTPUT ACCEPT [11:1030]
:POSTROUTING ACCEPT [11:1030]
COMMIT
# Completed on Thu Oct 23 08:58:32 2014
# Generated by iptables-save v1.4.14 on Thu Oct 23 08:58:32 2014
*filter
:INPUT ACCEPT [43596:58181078]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [30216:7394285]
-A INPUT -i eth0 -p tcp -m tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
COMMIT
# Completed on Thu Oct 23 08:58:32 2014
Answer 1
Netfilter encourages the use of the iptables-save command, because it gives you a detailed view of both the built-in chains and the chains you defined yourself. If you want a human-readable view, you can use iptables -L -v -n --line-n
Answer 2
Your command only lists the default filter table. There are five tables in total: filter, nat, mangle, raw and security. They can be selected with the -t option:
iptables -t nat -L -n
Answer 3
This is the alias I put in ~/.bashrc (fw means "firewall", which is descriptive enough for me; change it if you like):
Set up /etc/sudoers so that you can run the iptables command without a password, or just run it as root.
alias fw='clear ; sudo iptables --line-numbers -nvL ; echo ; echo '\''nat:'\'' ; echo ; sudo iptables -t nat --line-numbers -nvL ; echo ; echo '\''mangle:'\'' ; echo ; sudo iptables --line-numbers -t mangle -nvL'
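Answers 1 through 3 all come down to the same point: `iptables -L` shows only the filter table, while `iptables-save` dumps every table at once. The script below is an added example (not part of the question or any answer): it reads an iptables-save dump and summarises, per table, how many rules exist and what policy each chain falls back to, which makes an "I only see one rule" situation like the poster's easy to diagnose. The sample dump is constructed here in the same format as the poster's output.

```shell
#!/bin/sh
# summarize_tables: read iptables-save output on stdin and print one line
# per table: "<table> rules=<n> <CHAIN>=<POLICY> ..."
# Lines starting with "*" name a table, ":" lines declare a chain and its
# policy, "-A" lines are rules appended to a chain.
summarize_tables() {
    awk '
        /^\*/ { table = substr($0, 2); order[++n] = table; rules[table] = 0; next }
        /^:/  { split($0, f, " "); name = substr(f[1], 2)
                pol[table] = pol[table] " " name "=" f[2]; next }
        /^-A/ { rules[table]++; next }
        END {
            for (i = 1; i <= n; i++) {
                t = order[i]
                printf "%s rules=%d%s\n", t, rules[t], pol[t]
            }
        }
    '
}

# Constructed sample dump (not the poster's real ruleset): one table with
# two rules, the others empty with ACCEPT policies, as in the question.
SAMPLE_DUMP='*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

# On a live host replace the sample with:  sudo iptables-save | summarize_tables
printf '%s\n' "$SAMPLE_DUMP" | summarize_tables
```

A table whose chains all report policy ACCEPT and rules=0 is not filtering anything; in the poster's dump every table looked like that apart from the single filter rule, which is why the "missing" port 80 and mysql traffic worked: it was never being blocked in the first place.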