{"id":41,"date":"2021-01-10T17:47:04","date_gmt":"2021-01-10T09:47:04","guid":{"rendered":"https:\/\/explause.com\/?p=41"},"modified":"2021-01-10T17:47:04","modified_gmt":"2021-01-10T09:47:04","slug":"iptables%e7%9a%84%e4%b8%80%e4%ba%9b%e7%ae%80%e5%8d%95%e6%a6%82%e5%bf%b5","status":"publish","type":"post","link":"https:\/\/devdoge.org\/?p=41","title":{"rendered":"iptables\u7684\u4e00\u4e9b\u7b80\u5355\u6982\u5ff5"},"content":{"rendered":"\n

iptables\u662fLinux\u4e0a\u5e38\u7528\u7684\u9632\u706b\u5899\u8f6f\u4ef6\uff0c\u4e5f\u6709\u4e00\u4e9b\u65b0\u7684\u9632\u706b\u5899\u662f\u57fa\u4e8eiptables\uff0c\u8ba9\u5b83\u7684\u64cd\u4f5c\u66f4\u52a0\u7b80\u5355\u3002<\/p>\n\n\n

iptables\u6ca1\u90a3\u4e48\u590d\u6742\uff0c\u53ea\u662f\u5b83\u7684\u547d\u4ee4\u957f\u5ea6\u6709\u70b9\u957f\uff0c\u5176\u5b9e\u903b\u8f91\u5f88\u6e05\u6670\uff0c\u53ef\u4ee5\u505a\u7684\u4e8b\u60c5\u5f88\u591a\u3002<\/p>\n\n\n

iptables\u4e00\u5171\u6709\u56db\u8868\u4e94\u94fe\uff1a\u5c31\u662f\u6709\uff1a\nfilter\u3001nat\u3001mangle\u3001raw\n\u8fd9\u4e94\u5f20\u8868\u3002<\/pre>\n\n\n
\u4f46\u662f\uff0c\u4e0d\u662f\u6bcf\u4e2a\u8868\u90fd\u67095\u6761\u89c4\u5219\u94fe\u7684\uff1a\nfilter       \u6709                           INPUT  FORWARD OUTPUT\nnat         \u6709PREROUTING  INPUT                      OUTPUT POSTROUTING\nmangle \u6709PREROUTING  INPUT  FORWARD OUTPUT POSTROUTING\nraw        \u6709PREROUTING                                       OUTPUT<\/pre>\n\n\n
4\u5f20\u8868\u7684\u4f18\u5148\u7ea7\uff1araw\u6700\u5927\uff0c\u5176\u6b21mangle\uff0c\u7136\u540enat\uff0c\u6700\u540e\u662ffilter\u3002 <\/p>\n\n\n
\u5c31\u62ff\u6709\u5b8c\u65745\u6761\u94fe\u7684mangle\u8868\u6765\u8bf4\uff0c\u5982\u679c\u6536\u5230\u7684\u6570\u636e\u5305\u76ee\u7684\u5730\u4e0d\u662f\u672c\u673a\uff0c\u90a3\u5c31\u4e0d\u7ecf\u8fc7INPUT\u94fe\uff0c\u8fdb\u5165FORWARD\u94fe\u3002<\/p>\n\n\n
4\u5f20\u8868\u7684\u4f18\u5148\u7ea7\u4e3a\uff1a<\/p>\n\n\n
raw -> mangle -> nat -> filter<\/code><\/pre>\n\n\n
\u5b9e\u9645\u5904\u7406\u8fc7\u7a0b\uff08\u6570\u636e\u5305\u76ee\u7684\u5730\u4e3a\u672c\u673a\uff09\uff1a<\/p>\n\n\n
raw(PREROUTING) -> mangle(PREROUTING) -> nat(PREROUTING) -\n                                                         |\n----------\u672c\u5730\u76d1\u542c\u7a0b\u5e8f <- filter(INPUT) <- mangle(INPUT) <-|\n|\n|-> \u7a0b\u5e8f\u53d1\u51fa\u6570\u636e\u5305 -> raw(OUTPUT) -> mangle(OUTPUT) --------\n                                                         |\n| mangle(POSTROUTING) <- filter(OUTPUT) <- nat(OUTPUT) <-|\n|\n|-> nat(POSTROUTING)<\/code><\/pre>\n\n\n
\u5b9e\u9645\u5904\u7406\u8fc7\u7a0b\uff08\u6570\u636e\u5305\u76ee\u7684\u5730\u4e0d\u662f\u672c\u673a\uff09\uff1a<\/p>\n\n\n
raw(PREROUTING) -> mangle(PREROUTING) -> nat(PREROUTING) -\n                                                         |\n---------------- <- filter(FORWARD) <- mangle(FORWARD) <-|\n|\n|-> mangle(POSTROUTING) -> nat(POSTROUTING)<\/code><\/pre>\n\n\n
\u5bf9\u4e8e\u9632\u706b\u5899\u7684\u4f7f\u7528\u573a\u666f\u4e3b\u8981\u96c6\u4e2d\u5728filter\u7684INPUT\u94fe\uff0c\u6240\u4ee5iptables\u7684\u9ed8\u8ba4\u64cd\u4f5c\u8868\u5c31\u662ffilter\u8868\u3002mangle\u8868\u53ef\u4ee5\u7528\u4e8e\u7b56\u7565\u8def\u7531\uff0cnat\u8868\u53ef\u4ee5\u7528\u4e8eNAT\u64cd\u4f5c\uff0craw\u8868\u7528\u6765\u52a0\u901f\u67d0\u4e9b\u64cd\u4f5c\u3002<\/p>\n\n\n
CentOS\u9ed8\u8ba4\u88c5\u4e86iptables\uff0c\u4f46\u662f\u5f00\u673a\u4e0d\u4f1a\u81ea\u5df1\u542f\u52a8\u3002\u67d0\u4e9b\u7cfb\u7edf\u6a21\u7248\u5b89\u88c5\u4e86firewalld\u9632\u706b\u5899\uff0c\u4e24\u8005\u53ef\u4ee5\u5171\u5b58\uff0c\u4f46\u662f\u4e0d\u80fd\u540c\u65f6\u7528\u3002\u60f3\u5b9e\u73b0\u4e00\u4e9b\u9ad8\u7ea7\u64cd\u4f5ciptables\u4f1a\u7b80\u5355\u4e00\u4e9b\u3002<\/p>\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
iptables\u7684\u56db\u8868\u4e94\u94fe\u4ee5\u53ca\u5904\u7406\u7684\u987a\u5e8f\u3002<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[12,22],"class_list":["post-41","post","type-post","status-publish","format-standard","hentry","category-ipt","tag-iptables","tag-22"],"blocksy_meta":{"styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[],"version":6}},"_links":{"self":[{"href":"https:\/\/devdoge.org\/index.php?rest_route=\/wp\/v2\/posts\/41","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devdoge.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devdoge.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devdoge.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/devdoge.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=41"}],"version-history":[{"count":0,"href":"https:\/\/devdoge.org\/index.php?rest_route=\/wp\/v2\/posts\/41\/revisions"}],"wp:attachment":[{"href":"https:\/\/devdoge.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=41"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devdoge.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=41"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devdoge.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=41"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}