iptables - 清除所有具有特定目标地址的 PREROUTING 规则

Question 1

像这样：

#!/bin/bash

for line_num in $(sudo iptables --line-numbers --list PREROUTING -t nat | awk '$7=="to:192.168.2.1:443" {print $1}')
do
  # You can't just delete lines here because the line numbers get reordered
  # after deletion, which would mean after the first one you're deleting the
  # wrong line. Instead put them in a reverse ordered list.
  LINES="$line_num $LINES"
done

# Delete the lines, last to first.
for line in $LINES
do
  sudo iptables -t nat -D PREROUTING $line
done

unset LINES

如果不匹配，您可能需要调整 awk 中的字段编号。

Answer

像这样：

#!/bin/bash

for line_num in $(sudo iptables --line-numbers --list PREROUTING -t nat | awk '$7=="to:192.168.2.1:443" {print $1}')
do
  # You can't just delete lines here because the line numbers get reordered
  # after deletion, which would mean after the first one you're deleting the
  # wrong line. Instead put them in a reverse ordered list.
  LINES="$line_num $LINES"
done

# Delete the lines, last to first.
for line in $LINES
do
  sudo iptables -t nat -D PREROUTING $line
done

unset LINES

如果不匹配，您可能需要调整 awk 中的字段编号。

Question 2

您可能能够使用 tac 简化线路反转：

#!/bin/bash

for line in $(sudo iptables --line-numbers --list PREROUTING -t nat | awk '$7=="to:192.168.2.1:443" {print $1}' | tac)
do
  # You can't just delete lines here because the line numbers get reordered
  # after deletion, which would mean after the first one you're deleting the
  # wrong line. Instead put them in a reverse ordered list.
  sudo iptables -t nat -D PREROUTING $line
done

Answer

您可能能够使用 tac 简化线路反转：

#!/bin/bash

for line in $(sudo iptables --line-numbers --list PREROUTING -t nat | awk '$7=="to:192.168.2.1:443" {print $1}' | tac)
do
  # You can't just delete lines here because the line numbers get reordered
  # after deletion, which would mean after the first one you're deleting the
  # wrong line. Instead put them in a reverse ordered list.
  sudo iptables -t nat -D PREROUTING $line
done

Question 3

您可以使用以下一行代码：

sudo iptables -S | grep $pattern | cut -d " " -f 2- | xargs -L1 sudo iptables -D

其中 $pattern 是您想要的模式。

我建议您首先回显此命令的结果，以避免出现问题

Answer

您可以使用以下一行代码：

sudo iptables -S | grep $pattern | cut -d " " -f 2- | xargs -L1 sudo iptables -D

其中 $pattern 是您想要的模式。

我建议您首先回显此命令的结果，以避免出现问题

Question 4

使用--line-numbers显示规则编号，grep 和 awk 即可。

# iptables -vnL -t nat --line-numbers |grep 10.1.1.0|awk '{print $1}' 
1

然后您可以使用它for来清除与一个特定 IP 匹配的所有规则。

# for rule in $(iptables -vnL -t nat --line-numbers |grep 10.1.1.0|awk '{print $1}'); do iptables -D INPUT $rule; done

请记住这些数字是按表显示的，因此您可能需要按表限制列出命令并逐个清除。

Answer

使用--line-numbers显示规则编号，grep 和 awk 即可。

# iptables -vnL -t nat --line-numbers |grep 10.1.1.0|awk '{print $1}' 
1

然后您可以使用它for来清除与一个特定 IP 匹配的所有规则。

# for rule in $(iptables -vnL -t nat --line-numbers |grep 10.1.1.0|awk '{print $1}'); do iptables -D INPUT $rule; done

请记住这些数字是按表显示的，因此您可能需要按表限制列出命令并逐个清除。

iptables - 清除所有具有特定目标地址的 PREROUTING 规则

答案1

答案2

答案3

答案4

相关内容