zoukankan      html  css  js  c++  java
  • iptables

    root@cloud:~# iptables -t nat  -L POSTROUTING  -n --line-number 
    Chain POSTROUTING (policy ACCEPT)
    num  target     prot opt source               destination         
    1    KUBE-POSTROUTING  all  --  0.0.0.0/0            0.0.0.0/0            /* kubernetes postrouting rules */
    2    MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
    3    RETURN     all  --  10.244.0.0/16        10.244.0.0/16       
    4    MASQUERADE  all  --  10.244.0.0/16       !224.0.0.0/4         
    5    RETURN     all  -- !10.244.0.0/16        10.244.0.0/24       
    6    MASQUERADE  all  -- !10.244.0.0/16        10.244.0.0/16       
    root@cloud:~# iptables -t filter  -L INPUT  -n --line-number 
    Chain INPUT (policy ACCEPT)
    num  target     prot opt source               destination         
    1    KUBE-SERVICES  all  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes service portals */
    2    KUBE-EXTERNAL-SERVICES  all  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes externally-visible service portals */
    3    KUBE-FIREWALL  all  --  0.0.0.0/0            0.0.0.0/0           
    4    DROP       tcp  --  210.22.22.150        0.0.0.0/0            tcp dpt:10000
    5    DROP       tcp  --  210.22.22.150        0.0.0.0/0            tcp dpt:10004
    root@cloud:~# 
    root@cloud:~# iptables -t filter  -D INPUT  4
    root@cloud:~# date
    Tue May 18 16:50:21 CST 2021
    root@cloud:~# iptables -t filter  -L INPUT  -n --line-number 
    Chain INPUT (policy ACCEPT)
    num  target     prot opt source               destination         
    1    KUBE-SERVICES  all  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes service portals */
    2    KUBE-EXTERNAL-SERVICES  all  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes externally-visible service portals */
    3    KUBE-FIREWALL  all  --  0.0.0.0/0            0.0.0.0/0       

    server : 开启 6666端口

    client telnet server 66

    root@ubuntu:~/c++#  conntrack -L | grep 6666
    tcp      6 86396 ESTABLISHED src=10.10.16.81 dst=10.10.16.82 sport=45486 dport=6666 src=10.10.16.82 dst=10.10.16.81 sport=6666 dport=45486 [ASSURED] mark=0 use=1

    server : 开启 6666端口

    client telnet server 66

    添加tcp notrack

    root@ubuntu:~/c++#  iptables -t raw -I INPUT  1 -p udp --dport 6666 -j NOTRACK
    iptables: No chain/target/match by that name.
    root@ubuntu:~/c++#  iptables -t raw -I PREROUTING 1 -p tcp --dport 6666 -j NOTRACK
    root@ubuntu:~/c++#  conntrack -L | grep 6666
    root@ubuntu:~/c++# iptables -t raw  -L PREROUTING  -n --line-number 
    Chain PREROUTING (policy ACCEPT)
    num  target     prot opt source               destination         
    1    CT         tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:6666 NOTRACK
    2    CT         udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:6666 NOTRACK
    root@ubuntu:~/c++#  conntrack -L | grep 6666
    conntrack v1.4.4 (conntrack-tools): 153 flow entries have been shown.
    root@ubuntu:~/c++# 
  • 相关阅读:
    安卓AndroidManifest.xml介绍
    Android系统开发入门
    蓝牙协议(bluetooth spec)
    解决:NoSuchAlgorithmException: Algorithm HmacSHA1 not available
    Spring bean 实现初始化、销毁方法的方式及顺序
    解决: maven编译项目报“非法字符: 65279 ”错误
    解决:eclipse 非正常关闭,导致无法正常启动
    ffmpeg 音频转换: use ffmpeg convert the audio from stereo to mono without changing the video part
    win10家庭版快速升级专业版
    Linux下更改目录及其下的子目录和文件的访问权限
  • 原文地址:https://www.cnblogs.com/dream397/p/14781705.html
Copyright © 2011-2022 走看看