經由先前的簡易測試,我們針對ipv4設置iptables的過濾規則
-F : Deleting (flushing) all the rules.
-X : Delete chain.
-t table_name : Select table (called nat or mangle) and delete/flush rules.
-P : Set the default policy (such as DROP, REJECT, or ACCEPT).
# Flush filter
IPTABLES=/sbin/iptables
$IPTABLES -F
$IPTABLES -X
echo "Flush mangle table ......"
echo
# Flush mangle
$IPTABLES -F -t mangle
$IPTABLES -t mangle -X
echo "Flush nat table ......"
echo
# Flush nat
$IPTABLES -F -t nat
$IPTABLES -t nat -X
###-----------------------------------------------------###
# 設定 filter table 的預設政策
###-----------------------------------------------------###
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
#!/bin/bash
#Author:kawsing
#Date:2012/11/27
#快速關閉防火牆,並回復預設值
ipt="/sbin/iptables"
#預設policies,全部ACCEPT
$ipt -t filter -P INPUT ACCEPT
$ipt -t filter -P FORWARD ACCEPT
$ipt -t filter -P OUTPUT ACCEPT
$ipt -t nat -P PREROUTING ACCEPT
$ipt -t nat -P OUTPUT ACCEPT
$ipt -t nat -P POSTROUTING ACCEPT
$ipt -t mangle -P INPUT ACCEPT
$ipt -t mangle -P OUTPUT ACCEPT
$ipt -t mangle -P FORWARD ACCEPT
$ipt -t mangle -P PREROUTING ACCEPT
$ipt -t mangle -P POSTROUTING ACCEPT
#計數器歸零
$ipt -t filter -Z
$ipt -t nat -Z
$ipt -t mangle -Z
#清除chain的規則
$ipt -t filter -F
$ipt -t nat -F
$ipt -t mangle -F
$ipt -t filter -X
$ipt -t nat -X
$ipt -t mangle -X
