Linux
Deleting a table in iptables
How do I delete a table (not a chain) in iptables?
Even though I only use the "filter" table, iptables-save outputs some empty tables. For example, I don't want iptables-save to produce any output about the "mangle" table. Today I was playing with iptables and I used the mangle table. My iptables-save output used to look like this:

    # Generated by iptables-save v1.6.0 on Thr Jun 21 00:00:00 2018
    *filter
    :INPUT DROP [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -j DROP
    COMMIT
    # Completed on Thr Jun 21 00:00:00 2018
But now it looks like this:

    # Generated by iptables-save v1.6.0 on Sat Jun 23 00:00:00 2018
    *mangle
    :PREROUTING ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    COMMIT
    # Completed on Sat Jun 23 00:00:00 2018
    # Generated by iptables-save v1.6.0 on Sat Jun 23 00:00:00 2018
    *filter
    :INPUT DROP [0:0]
    :FORWARD DROP [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -j DROP
    COMMIT
    # Completed on Sat Jun 23 00:00:00 2018
How can I delete this unused "mangle" table to clean up my iptables-save output?
Try:
rmmod iptable_mangle
once you have removed all entries from the mangle table (and, possibly, restored the default chain policies).
You can flush the rules of the mangle table and then delete any optional chains in it, like so:

    $ sudo iptables -t mangle -F
    $ sudo iptables -t mangle -X
Example
First, note that the mangle table is empty

    $ iptables -t mangle -L -v --line-numbers
    Chain PREROUTING (policy ACCEPT 16 packets, 928 bytes)
    num   pkts bytes target     prot opt in     out     source               destination

    Chain INPUT (policy ACCEPT 16 packets, 928 bytes)
    num   pkts bytes target     prot opt in     out     source               destination

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    num   pkts bytes target     prot opt in     out     source               destination

    Chain OUTPUT (policy ACCEPT 8 packets, 608 bytes)
    num   pkts bytes target     prot opt in     out     source               destination

    Chain POSTROUTING (policy ACCEPT 8 packets, 608 bytes)
    num   pkts bytes target     prot opt in     out     source               destination
Now add an example rule

    $ iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452
    $ iptables -t mangle -L -v --line-numbers
    Chain PREROUTING (policy ACCEPT 6 packets, 348 bytes)
    num   pkts bytes target     prot opt in     out     source               destination

    Chain INPUT (policy ACCEPT 6 packets, 348 bytes)
    num   pkts bytes target     prot opt in     out     source               destination

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    num   pkts bytes target     prot opt in     out     source               destination
    1        0     0 TCPMSS     tcp  --  any    any     anywhere             anywhere             tcp flags:SYN,RST/SYN TCPMSS set 1452

    Chain OUTPUT (policy ACCEPT 3 packets, 236 bytes)
    num   pkts bytes target     prot opt in     out     source               destination

    Chain POSTROUTING (policy ACCEPT 3 packets, 236 bytes)
    num   pkts bytes target     prot opt in     out     source               destination
Now flush and delete

    $ iptables -t mangle -F
    $ iptables -t mangle -X
    $ iptables -t mangle -L -v --line-numbers
    Chain PREROUTING (policy ACCEPT 20 packets, 1160 bytes)
    num   pkts bytes target     prot opt in     out     source               destination

    Chain INPUT (policy ACCEPT 20 packets, 1160 bytes)
    num   pkts bytes target     prot opt in     out     source               destination

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    num   pkts bytes target     prot opt in     out     source               destination

    Chain OUTPUT (policy ACCEPT 10 packets, 760 bytes)
    num   pkts bytes target     prot opt in     out     source               destination

    Chain POSTROUTING (policy ACCEPT 10 packets, 760 bytes)
    num   pkts bytes target     prot opt in     out     source               destination
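
Both answers depend on the table being empty before anything is unloaded: no rules, no user-defined chains, and default ACCEPT policies. The following is an added example, not part of the original question or answers, that checks this condition directly on iptables-save output; the function names empty_tables and sample_dump are hypothetical, and the sample dump is constructed from the one in the question.

```shell
#!/bin/sh
# Added example (not from the original posts): report which tables in
# iptables-save output are empty, i.e. contain no rules, no user-defined
# chains, and only ACCEPT policies on their built-in chains.

# Reads iptables-save text on stdin; prints one empty table name per line.
empty_tables() {
    awk '
        /^\*/ { table = substr($0, 2); busy = 0; next }     # "*mangle" opens a table
        /^:/  { if ($2 != "ACCEPT") busy = 1; next }        # DROP policy or user chain ("-")
        /^(\[[0-9]+:[0-9]+\] )?-A / { busy = 1; next }      # a rule, with or without -c counters
        /^COMMIT/ { if (table != "" && !busy) print table; table = "" }
    '
}

# Constructed sample, modelled on the second dump in the question.
sample_dump() {
    cat <<'EOF'
# Generated by iptables-save (constructed sample)
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

# Live use (assumption: run as root on the host in question):
#   iptables-save | empty_tables
sample_dump | empty_tables    # prints: mangle
```

A table that this check does not list still holds a rule, a user-defined chain, or a non-default policy, so the flush and delete steps shown above have not been completed for it.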