主页 / server / 问题 / 917872
Accepted
Michael Altfield
Asked: 2018-06-23 20:44:04 +0800 CST

删除 iptables 中的表

  • 772

如何删除 iptables 中的表(而不是链)?

iptables-save即使我只使用“过滤器”表,我也有一些空表正在输出。

例如,我不想iptables-save产生任何关于“mangle”表的输出。今天我在玩 iptables,我使用了 mangle 表。我的 iptables-save 输出过去看起来像这样:

# Generated by iptables-save v1.6.0 on Thr Jun 21 00:00:00 2018
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
# Completed on Thr Jun 21 00:00:00 2018

但现在它看起来像这样:

# Generated by iptables-save v1.6.0 on Sat Jun 23 00:00:00 2018
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Sat Jun 23 00:00:00 2018
# Generated by iptables-save v1.6.0 on Sat Jun 23 00:00:00 2018
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
# Completed on Sat Jun 23 00:00:00 2018

如何删除这个未使用的“mangle”表以清理我的 iptables-save 输出?

linux

2 个回答

  1. 您可以刷新mangle表的规则,然后删除其中的任何可选链,如下所示:

    $ sudo iptables -t mangle -F
$ sudo iptables -t mangle -X

    例子

    首先,请注意mangle表是空的

    $ iptables -t mangle -L -v --line-numbers
Chain PREROUTING (policy ACCEPT 16 packets, 928 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 16 packets, 928 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 8 packets, 608 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 8 packets, 608 bytes)
num   pkts bytes target     prot opt in     out     source               destination

    现在添加一个示例规则

    $ iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452

$ iptables -t mangle -L -v --line-numbers
Chain PREROUTING (policy ACCEPT 6 packets, 348 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 6 packets, 348 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 TCPMSS     tcp  --  any    any     anywhere             anywhere             tcp flags:SYN,RST/SYN TCPMSS set 1452

Chain OUTPUT (policy ACCEPT 3 packets, 236 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 3 packets, 236 bytes)
num   pkts bytes target     prot opt in     out     source               destination

    现在刷新并删除

    $ iptables -t mangle -F
$ iptables -t mangle -X

$ iptables -t mangle -L -v --line-numbers
Chain PREROUTING (policy ACCEPT 20 packets, 1160 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 20 packets, 1160 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 10 packets, 760 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 10 packets, 760 bytes)
num   pkts bytes target     prot opt in     out     source               destination

    参考

    • 1
  2. Best Answer

    尝试:

    rmmod iptable_mangle

    一旦您从 mangle 表中删除了所有条目(并且可能 - 恢复了默认链策略)。

    • 1

相关问题