iptables hangs while listing rules

If I run iptables -L to list all the rules in iptables, it randomly hangs at different IP addresses and then continues printing the list. It hangs for a few seconds, each time at a different IP address. My general rules are listed below. Then I have a few local IPs and a few allowed remote IPs. Is there a rule I forgot about regarding lookups?

    Chain INPUT (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

    Chain OUTPUT (policy DROP)
    target     prot opt source               destination
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:25
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

The iptables command will attempt a reverse lookup on the IP addresses. That produces the behaviour you describe. You can suppress the reverse lookup with the -n flag, which is why I always list the rules like this:

    iptables -vnL

This fact and many other useful tidbits can be found in the iptables man page. The relevant section concerning -n reads as follows:

    -L, --list [chain]
        List all rules in the selected chain. If no chain is selected, all
        chains are listed. Like every other iptables command, it applies to
        the specified table (filter is the default), so NAT rules get listed by
            iptables -t nat -n -L
        Please note that it is often used with the -n option, in order to
        avoid long reverse DNS lookups. It is legal to specify the -Z (zero)
        option as well, in which case the chain(s) will be atomically listed
        and zeroed. The exact output is affected by the other arguments given.
        The exact rules are suppressed until you use
            iptables -L -v
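As an added example (not part of the answer above, and not iptables' own code): the fix on the listing side is -n, but an operator auditing a rule set often still wants the hostnames. The script below takes already-captured `iptables -vnL` output, pulls out the host addresses, and resolves them in worker threads under one overall deadline, so a PTR query that never answers costs at most the deadline instead of stalling the whole listing the way an unbounded lookup inside iptables -L does. The sample output, the regex, and the function names are constructed for this example.

```python
"""Resolve the addresses from numeric iptables output separately, with a bounded timeout.

Added example, not from the original answer. It assumes you already captured
`iptables -vnL` output (numeric, so the listing itself never stalls) and want
hostnames anyway; resolving them here, under one deadline, keeps slow or
unanswered PTR queries from blocking the rule listing.
"""
import re
import socket
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout

# Constructed sample of `iptables -vnL` output (not taken from the question).
SAMPLE_OUTPUT = """\
Chain INPUT (policy DROP 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source               destination
  430 31200 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   10   600 ACCEPT     tcp  --  *      *       192.0.2.10           0.0.0.0/0            tcp dpt:22
    3   180 ACCEPT     tcp  --  *      *       198.51.100.7         192.0.2.1            tcp dpt:25
"""

# Dotted-quad address with an optional /prefix (e.g. 0.0.0.0/0 for "anywhere").
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})(?:/(\d{1,2}))?\b")


def extract_addresses(listing: str) -> list[str]:
    """Return the distinct host addresses in listing order, skipping networks."""
    seen: list[str] = []
    for ip, prefix in IPV4.findall(listing):
        if prefix and int(prefix) < 32:
            continue  # a network such as 0.0.0.0/0, nothing to reverse-resolve
        if ip not in seen:
            seen.append(ip)
    return seen


def reverse_lookup(ip: str) -> str:
    """Blocking PTR lookup; returns the address itself when there is no answer."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return ip


def resolve_bounded(addresses, timeout: float = 2.0, lookup=reverse_lookup) -> dict:
    """Resolve every address in worker threads, giving up on all of them
    once `timeout` seconds have elapsed in total. Unresolved entries map
    to the bare address so the caller can always print something."""
    pool = ThreadPoolExecutor(max_workers=8)
    futures = {ip: pool.submit(lookup, ip) for ip in addresses}
    deadline = time.monotonic() + timeout
    results = {}
    for ip, fut in futures.items():
        try:
            results[ip] = fut.result(timeout=max(0.0, deadline - time.monotonic()))
        except FutureTimeout:
            results[ip] = ip  # slow or unanswered PTR: keep the number, do not stall
    # Do not wait for stragglers; drop queued lookups that never started.
    pool.shutdown(wait=False, cancel_futures=True)
    return results


def annotate(listing: str, names: dict) -> str:
    """Rewrite the listing as 'ip (hostname)' where a name was found;
    networks and unresolved addresses are left exactly as they were."""
    def sub(match: re.Match) -> str:
        ip = match.group(1)
        if match.group(2) is not None or names.get(ip, ip) == ip:
            return match.group(0)
        return f"{ip} ({names[ip]})"
    return IPV4.sub(sub, listing)


if __name__ == "__main__":
    # Real PTR lookups here; the sample uses documentation ranges, so most
    # addresses will simply stay numeric.
    found = extract_addresses(SAMPLE_OUTPUT)
    print(annotate(SAMPLE_OUTPUT, resolve_bounded(found, timeout=2.0)))
```

The deadline is shared across all addresses on purpose: with a per-address timeout a listing of fifty rules could still take fifty times the timeout. Passing a different `lookup` callable makes the bounding logic testable without touching DNS.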