iptables in Detail (8): iptables Custom Chains


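The purpose of custom chains: organizing rules into categories, one chain per category.

A target can be an "action", or it can be a "custom chain".

1. Create a custom chain.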

root@ubuntu:~# iptables -t filter -N IN_WEB
# Result
root@ubuntu:~# iptables -nvL
Chain INPUT (policy ACCEPT 23 packets, 1448 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 16 packets, 1212 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain IN_WEB (0 references)
 pkts bytes target     prot opt in     out     source               destination

 

2. Reference the custom chain.

root@ubuntu:~# iptables -t filter -I INPUT -p tcp --dport 80 -j IN_WEB
# Result
root@ubuntu:~# iptables -nvL
Chain INPUT (policy ACCEPT 11 packets, 770 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 IN_WEB     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 4 packets, 480 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain IN_WEB (1 references)
 pkts bytes target     prot opt in     out     source               destination

  

3. Rename the custom chain.

root@ubuntu:~# iptables -E IN_WEB WEB

root@ubuntu:~# iptables -nvL
Chain INPUT (policy ACCEPT 53 packets, 3639 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 WEB        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 36 packets, 2840 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain WEB (1 references)
 pkts bytes target     prot opt in     out     source               destination   

  

4. Delete the custom chain.

root@ubuntu:~# iptables -X WEB
iptables: Too many links.
# The chain is referenced, so it cannot be deleted
root@ubuntu:~# iptables --line -nvL
Chain INPUT (policy ACCEPT 366 packets, 32141 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 WEB        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 137 packets, 11248 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain WEB (1 references)
num   pkts bytes target     prot opt in     out     source               destination

# Delete the rule that references the custom chain
root@ubuntu:~# iptables -D INPUT 1
root@ubuntu:~#
root@ubuntu:~# iptables -nvL
Chain INPUT (policy ACCEPT 70 packets, 4797 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 35 packets, 2848 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain WEB (0 references)
 pkts bytes target     prot opt in     out     source               destination

# The chain can now be deleted normally
root@ubuntu:~# iptables -X WEB
root@ubuntu:~#
root@ubuntu:~# iptables -nvL
Chain INPUT (policy ACCEPT 33 packets, 2104 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 23 packets, 1860 bytes)
 pkts bytes target     prot opt in     out     source               destination

Conditions for deletion:

1. The custom chain contains no rules.

2. The custom chain is not referenced by any other chain.
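
Both deletion conditions can be checked before touching the live ruleset. The following is an added example, not part of the original article: it reads `iptables -S` output and prints the commands needed to satisfy both conditions and then delete the chain. The function names `chain_teardown_plan` and `sample_rules` and the sample ruleset are constructed for illustration. Unlike the `iptables -D INPUT 1` used above, it deletes referencing rules by rule specification, so several references to the same chain do not shift each other's rule numbers.

```shell
#!/bin/sh
# Added example, not from the original article. Reads `iptables -S` output on
# stdin and prints (does not run) the commands needed to delete a custom chain.
chain_teardown_plan() {
    awk -v chain="$1" '
        $1 == "-N" && $2 == chain { defined = 1 }
        # Condition 1: rules that live inside the chain must be flushed.
        $1 == "-A" && $2 == chain { own++; next }
        # Condition 2: rules elsewhere that jump (-j) or goto (-g) the chain.
        $1 == "-A" {
            for (i = 3; i < NF; i++)
                if (($i == "-j" || $i == "-g") && $(i + 1) == chain) {
                    spec = $0
                    sub(/^-A /, "-D ", spec)   # delete by rule spec, not number
                    refs[++n] = "iptables " spec
                    break
                }
        }
        END {
            if (!defined) {
                print "no such custom chain: " chain > "/dev/stderr"
                exit 1
            }
            for (i = 1; i <= n; i++) print refs[i]
            if (own) print "iptables -F " chain
            print "iptables -X " chain
        }'
}

# Constructed sample ruleset in `iptables -S` format (filter table).
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N WEB
-A INPUT -p tcp -m tcp --dport 80 -j WEB
-A INPUT -p tcp -m tcp --dport 443 -j WEB
-A WEB -s 192.0.2.10/32 -j DROP
EOF
}

sample_rules | chain_teardown_plan WEB
```

On a live host, pipe `iptables -S` into the function and review the printed commands before running them.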

