搜索

此内容没有您所选择的语言版本。

2.8.9.2.2. Command Options

download PDF
Command options instruct iptables to perform a specific action. Only one command option is allowed per iptables command. With the exception of the help command, all commands are written in upper-case characters.
The iptables command options are as follows:
  • -A — Appends the rule to the end of the specified chain. Unlike the -I option described below, it does not take an integer argument. It always appends the rule to the end of the specified chain.
  • -D <integer> | <rule> — Deletes a rule in a particular chain by number (such as 5 for the fifth rule in a chain), or by rule specification. The rule specification must exactly match an existing rule.
  • -E — Renames a user-defined chain. A user-defined chain is any chain other than the default, pre-existing chains. (Refer to the -N option, below, for information on creating user-defined chains.) This is a cosmetic change and does not affect the structure of the table.

    Note

    If you attempt to rename one of the default chains, the system reports a Match not found error. You cannot rename the default chains.
  • -F — Flushes the selected chain, which effectively deletes every rule in the chain. If no chain is specified, this command flushes every rule from every chain.
  • -h — Provides a list of command structures, as well as a quick summary of command parameters and options.
  • -I [<integer>] — Inserts the rule in the specified chain at a point specified by a user-defined integer argument. If no argument is specified, the rule is inserted at the top of the chain.

    Important

    As noted above, the order of rules in a chain determines which rules apply to which packets. This is important to remember when adding rules using either the -A or -I option.
    This is especially important when adding rules using the -I with an integer argument. If you specify an existing number when adding a rule to a chain, iptables adds the new rule before (or above) the existing rule.
  • -L — Lists all of the rules in the chain specified after the command. To list all rules in all chains in the default filter table, do not specify a chain or table. Otherwise, the following syntax should be used to list the rules in a specific chain in a particular table:
    iptables -L <chain-name> -t <table-name>
    Additional options for the -L command option, which provide rule numbers and allow more verbose rule descriptions, are described in Section 2.8.9.2.6, “Listing Options”.
  • -N — Creates a new chain with a user-specified name. The chain name must be unique, otherwise an error message is displayed.
  • -P — Sets the default policy for the specified chain, so that when packets traverse an entire chain without matching a rule, they are sent to the specified target, such as ACCEPT or DROP.
  • -R — Replaces a rule in the specified chain. The rule's number must be specified after the chain's name. The first rule in a chain corresponds to rule number one.
  • -X — Deletes a user-specified chain. You cannot delete a built-in chain.
  • -Z — Sets the byte and packet counters in all chains for a table to zero.
Red Hat logoGithubRedditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

© 2024 Red Hat, Inc.