Deleting a table from iptables


How do I delete a table (not a chain) from iptables?

Although I only use the "filter" table, iptables-save is still printing some empty tables.

For example, I do not want iptables-save to produce any output about the "mangle" table. Today I was playing around with iptables and used the mangle table. My iptables-save output used to look like this:

# Generated by iptables-save v1.6.0 on Thr Jun 21 00:00:00 2018
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
# Completed on Thr Jun 21 00:00:00 2018

But now it looks like this:

# Generated by iptables-save v1.6.0 on Sat Jun 23 00:00:00 2018
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Sat Jun 23 00:00:00 2018
# Generated by iptables-save v1.6.0 on Sat Jun 23 00:00:00 2018
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
# Completed on Sat Jun 23 00:00:00 2018

How do I remove this unused "mangle" table to clean up my iptables-save output?

Answer 1

Try:

rmmod iptable_mangle

once you have removed all entries from the mangle table (and possibly restored the default chain policies).

Answer 2

You can flush the rules of the mangle table and then delete any optional (user-defined) chains in it, like so:

$ sudo iptables -t mangle -F
$ sudo iptables -t mangle -X

Example

First, note that the mangle table is empty:

$ iptables -t mangle -L -v --line-numbers
Chain PREROUTING (policy ACCEPT 16 packets, 928 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 16 packets, 928 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 8 packets, 608 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 8 packets, 608 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Now add a sample rule:

$ iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452

$ iptables -t mangle -L -v --line-numbers
Chain PREROUTING (policy ACCEPT 6 packets, 348 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 6 packets, 348 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 TCPMSS     tcp  --  any    any     anywhere             anywhere             tcp flags:SYN,RST/SYN TCPMSS set 1452

Chain OUTPUT (policy ACCEPT 3 packets, 236 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 3 packets, 236 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Now flush and delete:

$ iptables -t mangle -F
$ iptables -t mangle -X

$ iptables -t mangle -L -v --line-numbers
Chain PREROUTING (policy ACCEPT 20 packets, 1160 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 20 packets, 1160 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 10 packets, 760 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 10 packets, 760 bytes)
num   pkts bytes target     prot opt in     out     source               destination
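The two answers above amount to one procedure: confirm the table really holds nothing, flush it, delete its user-defined chains, reset policies, and (on legacy iptables) unload the table module. The script below is an added example, not code from either answer. It decides which tables are unused from an iptables-save dump rather than from `iptables -t <table> -L`, and emits the cleanup commands for one table; the dump `SAMPLE_DUMP` is constructed to match the shape of the output shown in the question (the `nat` table with a `DOCKER` chain is an assumed addition to show a table that looks empty but is not). It only prints commands, so it runs without root.

```shell
#!/bin/sh
# Added example: find tables in an iptables-save dump that hold no
# configuration, and generate the cleanup commands for one of them.

# Constructed sample dump (not real output from the question's host).
SAMPLE_DUMP='# Generated by iptables-save v1.6.0
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# unused_tables: read an iptables-save dump on stdin and print, one per
# line, every table whose built-in chains all have policy ACCEPT, that has
# no user-defined chains (policy shown as "-") and no rules (-A lines).
unused_tables() {
    awk '
        /^\*/     { table = substr($1, 2); used[table] = 0; next }
        /^:/      { if ($2 != "ACCEPT") used[table] = 1; next }
        /^-A /    { used[table] = 1; next }
        /^COMMIT/ { if (!used[table]) print table }
    '
}

# cleanup_commands TABLE: read the dump on stdin and print the commands
# that empty TABLE: flush rules, delete user chains, reset each built-in
# chain's policy to ACCEPT, then unload the legacy table module.
cleanup_commands() {
    t="$1"
    printf 'iptables -t %s -F\n' "$t"
    printf 'iptables -t %s -X\n' "$t"
    awk -v t="$t" '
        /^\*/ { cur = substr($1, 2); next }
        cur == t && /^:/ && $2 != "-" {
            printf "iptables -t %s -P %s ACCEPT\n", t, substr($1, 2)
        }
    '
    printf 'rmmod iptable_%s\n' "$t"
}

# Stand-alone usage: list unused tables in the sample, then show the
# cleanup commands for the first one found.
if [ -z "$NO_MAIN" ]; then
    printf '%s\n' "$SAMPLE_DUMP" | unused_tables
    first="$(printf '%s\n' "$SAMPLE_DUMP" | unused_tables | head -n 1)"
    [ -n "$first" ] && printf '%s\n' "$SAMPLE_DUMP" | cleanup_commands "$first"
fi
```

On a real host, feed `iptables-save | unused_tables` instead of the sample. The reason for working from a dump is that on legacy iptables merely listing a table (`iptables -t mangle -L`) loads `iptable_mangle` and makes the table appear in `iptables-save`; `/proc/net/ip_tables_names` shows which table modules are currently loaded without that side effect. On distributions where `iptables` is the nftables-backed variant (`iptables -V` reports `nf_tables`), there is no `iptable_mangle` module to remove; the last command would instead be `nft delete table ip mangle`.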
