iptables-save用來把當(dāng)前的規(guī)則存入一個(gè)文件里以備iptables-restore使用。它的使用很簡單，只有兩個(gè)參數(shù)：

iptables-save [-c] [-t table]

參數(shù)-c的作用是保存包和字節(jié)計(jì)數(shù)器的值。這可以使我們?cè)谥貑⒎阑饓蟛粊G失對(duì)包和字節(jié)的統(tǒng)計(jì)。帶-c參數(shù)的iptables-save命令使重啟防火墻而不中斷統(tǒng)計(jì)記數(shù)程序成為可能。這個(gè)參數(shù)默認(rèn)是不使用的。

參數(shù)-t指定要保存的表，默認(rèn)是保存所有的表。下面給出未裝載任何規(guī)則的情況下iptables-save的輸出。

# Generated by iptables-save v1.2.6a on Wed Apr 24 10:19:17 2002

*filter

:INPUT ACCEPT [404:19766]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [530:43376]

COMMIT

# Completed on Wed Apr 24 10:19:17 2002

# Generated by iptables-save v1.2.6a on Wed Apr 24 10:19:17 2002

*mangle

:PREROUTING ACCEPT [451:22060]

:INPUT ACCEPT [451:22060]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [594:47151]

:POSTROUTING ACCEPT [594:47151]

COMMIT

# Completed on Wed Apr 24 10:19:17 2002

# Generated by iptables-save v1.2.6a on Wed Apr 24 10:19:17 2002

*nat

:PREROUTING ACCEPT [0:0]

:POSTROUTING ACCEPT [3:450]

:OUTPUT ACCEPT [3:450]

COMMIT

# Completed on Wed Apr 24 10:19:17 2002

我們來解釋一下這個(gè)輸出格式。#后面的是注釋。表都以*開始，例如*mangle。每個(gè)表都包含鏈和規(guī)則，鏈的詳細(xì)說明是:[:]。例如，鏈的名字是 PREROUTING，策略是ACCEPT，然后是包記數(shù)器和字節(jié)計(jì)數(shù)器，這兩個(gè)計(jì)數(shù)器和iptables -L -v輸出中用到的計(jì)數(shù)器一樣。每個(gè)表的描述都以關(guān)鍵字COMMIT結(jié)束，它說明在這一點(diǎn)，就要把規(guī)則裝入內(nèi)核了。

上面的例子是最基本的，我想用一個(gè)簡短的例子說明會(huì)更好，其中包含一個(gè)非常小的規(guī)則集。iptables-save的輸出如下：

# Generated by iptables-save v1.2.6a on Wed Apr 24 10:19:55 2002

*filter

:INPUT DROP [1:229]

:FORWARD DROP [0:0]

:OUTPUT DROP [0:0]

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

-A FORWARD -i eth1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

COMMIT

# Completed on Wed Apr 24 10:19:55 2002

# Generated by iptables-save v1.2.6a on Wed Apr 24 10:19:55 2002

*mangle

:PREROUTING ACCEPT [658:32445]

:INPUT ACCEPT [658:32445]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [891:68234]

:POSTROUTING ACCEPT [891:68234]

COMMIT

# Completed on Wed Apr 24 10:19:55 2002

# Generated by iptables-save v1.2.6a on Wed Apr 24 10:19:55 2002

*nat

:PREROUTING ACCEPT [1:229]

:POSTROUTING ACCEPT [3:450]

:OUTPUT ACCEPT [3:450]

-A POSTROUTING -o eth0 -j SNAT --to-source 195.233.192.1

COMMIT

# Completed on Wed Apr 24 10:19:55 2002

每個(gè)命令前都有包和字節(jié)計(jì)數(shù)器，這說明使用了-c參數(shù)。除了有計(jì)數(shù)器，其他的都和普通的腳本一樣。現(xiàn)在的問題是怎么把輸出保存到文件中。非常簡單，既然使用linux，你應(yīng)該早就知道了，用重定向啊：

iptables-save -c > /etc/iptables-save

這就會(huì)把規(guī)則集保存到/etc/iptables-save中，而且還有計(jì)數(shù)器。

總結(jié)

以上是生活随笔為你收集整理的笨办法学linux dhcp,iptables使用指南(上)的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。