Linux

Deleting a table in iptables

  • June 24, 2018

How do I delete a table (not a chain) in iptables?

Even though I only use the "filter" table, iptables-save is outputting some empty tables.

For example, I don't want iptables-save to produce any output about the "mangle" table. Today I was playing with iptables and I used the mangle table. My iptables-save output used to look like this:

# Generated by iptables-save v1.6.0 on Thr Jun 21 00:00:00 2018
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
# Completed on Thr Jun 21 00:00:00 2018

But now it looks like this:

# Generated by iptables-save v1.6.0 on Sat Jun 23 00:00:00 2018
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Sat Jun 23 00:00:00 2018
# Generated by iptables-save v1.6.0 on Sat Jun 23 00:00:00 2018
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
# Completed on Sat Jun 23 00:00:00 2018

How do I delete this unused "mangle" table to clean up my iptables-save output?

Try:

rmmod iptable_mangle

once you have removed all entries from the mangle table (and possibly restored the default chain policies).

You can flush the rules of the mangle table and then delete any optional chains in it, like so:

$ sudo iptables -t mangle -F
$ sudo iptables -t mangle -X

Example

First, note that the mangle table is empty:

$ iptables -t mangle -L -v --line-numbers
Chain PREROUTING (policy ACCEPT 16 packets, 928 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 16 packets, 928 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 8 packets, 608 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 8 packets, 608 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Now add a sample rule:

$ iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452

$ iptables -t mangle -L -v --line-numbers
Chain PREROUTING (policy ACCEPT 6 packets, 348 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 6 packets, 348 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 TCPMSS     tcp  --  any    any     anywhere             anywhere             tcp flags:SYN,RST/SYN TCPMSS set 1452

Chain OUTPUT (policy ACCEPT 3 packets, 236 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 3 packets, 236 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Now flush and delete:

$ iptables -t mangle -F
$ iptables -t mangle -X

$ iptables -t mangle -L -v --line-numbers
Chain PREROUTING (policy ACCEPT 20 packets, 1160 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 20 packets, 1160 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 10 packets, 760 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 10 packets, 760 bytes)
num   pkts bytes target     prot opt in     out     source               destination
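An added check, not part of either answer above or of the original thread: a small POSIX shell function that reads an iptables-save dump and reports which tables are genuinely unused (no rules, no user-defined chains, every built-in chain still on its default ACCEPT policy). That is the state the first answer requires before unloading the module, and the state the second answer's flush and delete are meant to produce. It inspects every table in the dump, not only mangle. The function name, the sample dump and the --demo flag are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the original thread. Given an iptables-save dump
# on stdin, print (one per line, sorted) the tables that carry no rules, no
# user-defined chains and only default ACCEPT policies. A table in that state is
# the only kind that can be dropped from the dump without changing packet
# handling, e.g. with "rmmod iptable_<name>" on a legacy-iptables host.
empty_tables() {
    awk '
        /^\*/  { table = substr($1, 2); seen[table] = 1; next }   # "*mangle" starts a table
        /^:/   { if ($2 != "ACCEPT") inuse[table] = 1; next }     # ":CHAIN POLICY [p:b]"; "-" means user-defined chain
        /^-A/  { inuse[table] = 1; next }                          # any rule marks the table as in use
        END    { for (t in seen) if (!(t in inuse)) print t }
    ' | sort
}

# Constructed sample dump modelled on the question: mangle is untouched,
# filter has DROP policies and rules.
SAMPLE_DUMP='*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
COMMIT'

# Run against the sample when invoked with --demo; on a live host use:
#   iptables-save | empty_tables
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_DUMP" | empty_tables      # prints: mangle
fi
```

Two caveats worth keeping in mind. Flushing (-F) and deleting chains (-X) alone do not remove a table from iptables-save output; the listing after the flush above still shows all five built-in chains, and the table stays registered until its module is unloaded. And on legacy iptables, any command that touches the table, including a plain "iptables -t mangle -L", autoloads iptable_mangle again, so check the dump rather than the table before and after rmmod. On hosts where iptables is the nftables-backed variant (iptables-nft) there is no per-table iptable_* module to unload.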

Reference

Quoted from: https://serverfault.com/questions/917872