이 콘텐츠는 선택한 언어로 제공되지 않습니다.
18.3.2. Command Options
Command options instruct
iptables to perform a specific action. Only one command option is allowed per iptables command. With the exception of the help command, all commands are written in upper-case characters.
The
iptables commands are as follows:
-A— Appends theiptablesrule to the end of the specified chain. This is the command used to add a rule when rule order in the chain does not matter.-C— Checks a particular rule before adding it to the user-specified chain. This command can help you construct complicatediptablesrules by prompting you for additional parameters and options.-D— Deletes a rule in a particular chain by number (such as5for the fifth rule in a chain). You can also type the entire rule, andiptablesdeletes the rule in the chain that matches it.-E— Renames a user-defined chain. This does not affect the structure of the table.-F— Flushes the selected chain, which effectively deletes every rule in the the chain. If no chain is specified, this command flushes every rule from every chain.-h— Provides a list of command structures, as well as a quick summary of command parameters and options.-I— Inserts a rule in a chain at a point specified by a user-defined integer value. If no number is specified,iptablesplaces the command at the top of the chain.Warning
Be aware when using the-Aor-Ioption that the order of the rules within a chain are important for determining which rules apply to which packets.-L— Lists all of the rules in the chain specified after the command. To list all rules in all chains in the defaultfiltertable, do not specify a chain or table. Otherwise, the following syntax should be used to list the rules in a specific chain in a particular table:iptables -L <chain-name> -t <table-name>
Additional options for the-Lcommand option, which provide rule numbers and allow more verbose rule descriptions, are described in Section 18.3.6, “Listing Options”.-N— Creates a new chain with a user-specified name.-P— Sets the default policy for the specified chain, so that when packets traverse an entire chain without matching a rule, they are sent on to the specified target, such as ACCEPT or DROP.-R— Replaces a rule in the specified chain. The rule's number must be specified after the chain's name. The first rule in a chain corresponds to rule number one.-X— Deletes a user-specified chain. Deleting a built-in chain for any table is not allowed.-Z— Zeros the byte and packet counters in all chains for a table.
