Iptables

iptables - delete all PREROUTING rules with a specific target address

  • December 9, 2015

I have a script that adds iptables PREROUTING rules. They all have the same problem that needs solving. When I run this:

iptables --list PREROUTING -t nat

I see output like this:

DNAT       tcp  --  anywhere             165.193.122.18      tcp dpt:https to:192.168.2.1:443
DNAT       tcp  --  anywhere             63.135.91.11        tcp dpt:https to:192.168.2.1:443
DNAT       tcp  --  anywhere             63.135.90.224       tcp dpt:https to:192.168.2.1:443

It seems like I should be able to delete all of these rules by writing a command like...

"drop all PREROUTING rules that go to 192.168.2.1:443"

So, looking through the iptables options, it seems I need to use the -D option. But I don't know what rule to give it. :-(

So I probably need to query the existing rules, grep them down to the ones targeting 192.168.2.1:443, and then run -D for each one, passing the rule number. I don't know how to do that. Any help would be appreciated.

Thanks!

電動汽車

Something like this:

#!/bin/bash
# Collect the numbers of the nat PREROUTING rules whose DNAT target is
# 192.168.2.1:443. With --line-numbers the rule number is field 1 and the
# "to:..." target is the last field ($NF), so the match does not depend on
# how many columns precede it.
LINES=""
for line_num in $(sudo iptables --line-numbers --list PREROUTING -t nat | awk '$NF=="to:192.168.2.1:443" {print $1}')
do
 # You can't just delete lines here because the line numbers get reordered
 # after deletion, which would mean after the first one you're deleting the
 # wrong line. Instead put them in a reverse ordered list.
 LINES="$line_num $LINES"
done

# Delete the lines, last to first.
for line in $LINES
do
 sudo iptables -t nat -D PREROUTING "$line"
done

unset LINES

You may need to adjust the field number in awk if it doesn't match.
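An alternative that sidesteps the line-number reshuffling problem entirely: `iptables -S` prints every rule as the argument list that created it, so a matching rule can be deleted by its full spec instead of by position. This is an added example, not the answerer's code; the rule listing is a constructed sample and `delete_cmds_for_target` is a hypothetical helper name.

```shell
#!/bin/bash
# Constructed sample of `iptables -t nat -S PREROUTING` output (not captured
# from the page's host). One rule per line, in the form -S prints it.
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -d 165.193.122.18/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.2.1:443
-A PREROUTING -d 63.135.91.11/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.2.1:443
-A PREROUTING -d 10.0.0.9/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.2.5:443
-A PREROUTING -d 63.135.90.224/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.2.1:443'

# Read rule specs on stdin and print an `iptables -t nat -D ...` command for
# every rule whose DNAT target (the last field) equals $1. Because each
# deletion names the whole rule, removing one never shifts the others.
delete_cmds_for_target() {
    local target="$1"
    awk -v t="$target" '
        $1 == "-A" && $NF == t {
            sub(/^-A /, "")          # keep the chain name and the rule spec
            print "iptables -t nat -D " $0
        }'
}

# Dry run: print the commands that would be executed for the sample.
printf '%s\n' "$SAMPLE_RULES" | delete_cmds_for_target 192.168.2.1:443
# On a real host, review the output first, then pipe it into sudo sh:
#   iptables -t nat -S PREROUTING | delete_cmds_for_target 192.168.2.1:443
```

Rules with a different target (192.168.2.5:443 in the sample) are left untouched, which a blanket `iptables -t nat -F PREROUTING` would not do.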

Quoted from: https://serverfault.com/questions/401416