I'm trying to forward traffic from one host to another. It works, but I want to add a URL whitelist. With the following iptables-save rules, access to http://host:8383/api/test is still blocked.
What am I missing?
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [7:517]
:POSTROUTING ACCEPT [2:161]
-A PREROUTING -p tcp -m tcp --dport 8383 -j DNAT --to-destination x.x.x.x:8001
-A POSTROUTING ! -s 127.0.0.1/32 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -p tcp -m string --string "GET /api" --algo bm --icase -j ACCEPT
-P FORWARD DROP
COMMIT
sudo iptables -nvL
Chain INPUT (policy ACCEPT 49 packets, 2356 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy DROP 5 packets, 200 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 STRING match "GET /api" ALGO name bm TO 65535 ICASE
Chain OUTPUT (policy ACCEPT 38 packets, 3060 bytes)
pkts bytes target prot opt in out source destination
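Added example, not part of the question: a small Python model (constructed, with simplified rule semantics) of how the posted FORWARD chain evaluates a forwarded TCP session. It shows that the SYN that opens the connection carries no payload, so it never satisfies the "GET /api" string match and falls through to the DROP policy before any HTTP request can be sent; the `Packet` and `Rule` types are assumptions made for the simulation.

```python
"""Toy model of the posted FORWARD chain: one string-match ACCEPT rule, policy DROP."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    proto: str
    flags: str              # TCP flags, e.g. "SYN", "ACK", "PSH,ACK"
    payload: bytes = b""    # bytes after the TCP header; empty for pure handshake segments


@dataclass
class Rule:
    target: str
    proto: Optional[str] = None
    string: Optional[bytes] = None   # -m string --string ...
    icase: bool = False              # --icase


def string_match(rule: Rule, pkt: Packet) -> bool:
    """Approximation of xt_string: look for the pattern inside this packet's payload only."""
    if rule.string is None:
        return True
    hay, needle = pkt.payload, rule.string
    if rule.icase:
        hay, needle = hay.lower(), needle.lower()
    return needle in hay


def verdict(chain: List[Rule], policy: str, pkt: Packet) -> str:
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in chain:
        if rule.proto and rule.proto != pkt.proto:
            continue
        if string_match(rule, pkt):
            return rule.target
    return policy


# The chain from the question (DNAT has already rewritten the port before FORWARD is hit).
FORWARD = [Rule("ACCEPT", proto="tcp", string=b"GET /api", icase=True)]
POLICY = "DROP"


def simulate_http_request(path: bytes = b"/api/test") -> List[Tuple[str, str]]:
    """Walk a client's handshake and request through FORWARD, stopping at the first DROP."""
    session = [
        Packet("tcp", "SYN"),                      # no payload: cannot match "GET /api"
        Packet("tcp", "ACK"),                      # completes the handshake, still no payload
        Packet("tcp", "PSH,ACK", b"GET " + path + b" HTTP/1.1\r\nHost: host\r\n\r\n"),
    ]
    trace = []
    for pkt in session:
        v = verdict(FORWARD, POLICY, pkt)
        trace.append((pkt.flags, v))
        if v == "DROP":
            break
    return trace
```

The request segment on its own would be accepted; it is the empty handshake segments that are dropped, which is why the counters on the ACCEPT rule stay at zero.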