CentOS firewall: the configuration parameters in iptables-config explained


Default contents of /etc/sysconfig/iptables-config:

# Load additional iptables modules (nat helpers)
#   Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modprobe.conf.
IPTABLES_MODULES="ip_conntrack_netbios_ns"
 
# Unload modules on restart and stop
#   Value: yes|no,  default: yes
# This option has to be 'yes' to get to a sane state for a firewall
# restart or stop. Only set to 'no' if there are problems unloading netfilter
# modules.
IPTABLES_MODULES_UNLOAD="yes"
 
# Save current firewall rules on stop.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP="no"
 
# Save current firewall rules on restart.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART="no"
 
# Save (and restore) rule and chain counter.
#   Value: yes|no,  default: no
# Save counters for rules and chains to /etc/sysconfig/iptables if
# 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or
# SAVE_ON_RESTART is enabled.
IPTABLES_SAVE_COUNTER="no"
 
# Numeric status output
#   Value: yes|no,  default: yes
# Print IP addresses and port numbers in numeric format in the status output.
IPTABLES_STATUS_NUMERIC="yes"
 
# Verbose status output
#   Value: yes|no,  default: yes
# Print info about the number of packets and bytes plus the "input-" and
# "outputdevice" in the status output.
IPTABLES_STATUS_VERBOSE="no"
 
# Status output with numbered lines
#   Value: yes|no,  default: yes
# Print a counter/number for every rule in the status output.
IPTABLES_STATUS_LINENUMBERS="yes"

IPTABLES_MODULES="ip_conntrack_netbios_ns"

A space-separated list of additional iptables modules to load when the firewall is activated. When the firewall modules are loaded at system boot, this prints: Loading additional iptables modules: ip_conntrack_netbios_ns[  OK  ]

IPTABLES_MODULES_UNLOAD="yes"

Whether to unload these modules when iptables is restarted or stopped.

IPTABLES_SAVE_ON_STOP="no"

When the firewall is stopped, save the current firewall rules to the iptables file. no (default): do not save the current rules to the iptables file.

IPTABLES_SAVE_ON_RESTART="no"

When the firewall is restarted (service iptables restart), save the current firewall rules to the iptables file. no (default): do not save the current rules to the iptables file.

IPTABLES_SAVE_COUNTER="no"

Save and restore the packet and byte counters of every chain and rule. yes: save the counter values; no (default): do not save the counter values.

IPTABLES_STATUS_NUMERIC="yes"

Print IP addresses in numeric form instead of as domain names or hostnames. yes (default): the status output contains only IP addresses; no: the status output returns domain names or hostnames.

IPTABLES_STATUS_VERBOSE="no"

Whether the iptables status output includes the input and output devices. yes: include them; no (default): do not include them.

IPTABLES_STATUS_LINENUMBERS="yes"

Whether the iptables status output prints a counter/number for every rule. yes (default): print it; no: do not print it.

 

Check the firewall status: service iptables status

Restart the firewall: service iptables restart

 

# service iptables restart
iptables: Flushing firewall rules: [  OK  ]
iptables: Setting chains to policy ACCEPT: filter [  OK  ]
iptables: Unloading modules: [  OK  ]
iptables: Applying firewall rules: [  OK  ]

Restarting the firewall flushes the rules and unloads the modules, then loads the new rules.
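As an added example (not part of the original post), the POSIX shell script below parses an iptables-config style file and flags the settings explained above whose values change persistence or status behaviour; the function names and the sample file it reads are constructed for this example and are not the system's real /etc/sysconfig/iptables-config.

```shell
#!/bin/sh
# Added example: audit the settings of an iptables-config style file.
# The sample file below is constructed here; it is not the live system file.

# cfg_get FILE KEY: print the value of KEY="value" (or KEY=value),
# skipping comment lines; the last assignment wins, as in the shell.
cfg_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# audit_iptables_config FILE: print one line per risky setting and
# return the number of findings (0 means nothing to report).
audit_iptables_config() {
    f=$1; n=0
    if [ "$(cfg_get "$f" IPTABLES_SAVE_ON_STOP)" = "yes" ]; then
        echo "SAVE_ON_STOP=yes: live rule changes are written to /etc/sysconfig/iptables at stop/shutdown and persist unreviewed"
        n=$((n + 1))
    fi
    if [ "$(cfg_get "$f" IPTABLES_SAVE_ON_RESTART)" = "yes" ]; then
        echo "SAVE_ON_RESTART=yes: the same persistence applies on 'service iptables restart'"
        n=$((n + 1))
    fi
    if [ "$(cfg_get "$f" IPTABLES_MODULES_UNLOAD)" = "no" ]; then
        echo "MODULES_UNLOAD=no: netfilter modules stay loaded across stop/restart; the file recommends 'yes'"
        n=$((n + 1))
    fi
    if [ "$(cfg_get "$f" IPTABLES_STATUS_NUMERIC)" = "no" ]; then
        echo "STATUS_NUMERIC=no: 'service iptables status' does a reverse DNS lookup per address, which is slow and can hang"
        n=$((n + 1))
    fi
    mods=$(cfg_get "$f" IPTABLES_MODULES)
    [ -n "$mods" ] && echo "info: extra helper modules loaded: $mods (confirm each one is still needed)"
    return "$n"
}

# Constructed sample: two settings changed from the shipped defaults,
# plus a commented-out line that must be ignored.
SAMPLE_CFG=$(mktemp)
trap 'rm -f "$SAMPLE_CFG"' EXIT
cat > "$SAMPLE_CFG" <<'EOF'
IPTABLES_MODULES="ip_conntrack_netbios_ns"
IPTABLES_MODULES_UNLOAD="yes"
IPTABLES_SAVE_ON_STOP="yes"
# IPTABLES_SAVE_ON_RESTART="yes"
IPTABLES_SAVE_ON_RESTART="no"
IPTABLES_STATUS_NUMERIC="no"
EOF

audit_iptables_config "$SAMPLE_CFG" || echo "findings: $?"
```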
