[Linux] Iptables Knowledge Review (Work in Progress)

I had been meaning to write this up for a while, so here is a summary.

Supplementary: a passage from the RHEL documentation on the important differences between firewalld and iptables:

  • The iptables service stores configuration in /etc/sysconfig/iptables and /etc/sysconfig/ip6tables, while firewalld stores it in various XML files in /usr/lib/firewalld/ and /etc/firewalld/. Note that the /etc/sysconfig/iptables file does not exist as firewalld is installed by default on Red Hat Enterprise Linux.
  • With the iptables service, every single change means flushing all the old rules and reading all the new rules from /etc/sysconfig/iptables, while with firewalld there is no recreating of all the rules. Only the differences are applied. Consequently, firewalld can change the settings during runtime without existing connections being lost.

Both use the iptables tool to talk to the kernel packet filter.
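As an added example (not from the original post, the RHEL documentation, or Zhu Shuangyin's blog), the script below contrasts the two models in the quoted passage using constructed iptables-save snapshots, so it runs offline and without root. flush_and_reload prints the commands the iptables service model would issue (flush the chain, then replay every rule), while apply_differences prints only the -D/-I commands needed to move from the current rule set to the desired one, which is the runtime-change behaviour the passage attributes to firewalld. The rule sets, the chain name and the function names are made up for illustration; nothing is applied to the kernel.

```shell
#!/usr/bin/env sh
# Added example, not part of the original page. Constructed data only: the two
# variables below stand in for `iptables-save -t filter` output before and after a
# change (drop the port 80 rule, add a port 443 rule). Both functions merely print
# the iptables commands they would run; nothing touches netfilter.

CURRENT_RULES='-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -j DROP'

DESIRED_RULES='-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -j DROP'

# iptables-service model: flush the chain, then replay every desired rule.
# Between the -F and the last -A the chain is empty, which is why the RHEL text
# says existing connections can be lost (with a DROP policy nothing matches in the gap).
flush_and_reload() {
    printf 'iptables -F INPUT\n'
    printf '%s\n' "$DESIRED_RULES" | sed 's/^/iptables /'
}

# firewalld-style model: emit only the differences.
#  1. -D for rules present now but absent from the desired set
#  2. -I INPUT <n> (not -A) for rules missing from the running set, placed at their
#     desired position so a new rule never lands below the final "-j DROP".
# Assumes the surviving rules keep their relative order, which deletions preserve.
# grep -Fxq matches the whole line literally, so "--dport 80" is not "--dport 8080".
apply_differences() {
    printf '%s\n' "$CURRENT_RULES" | while IFS= read -r rule; do
        if ! printf '%s\n' "$DESIRED_RULES" | grep -Fxq -e "$rule"; then
            printf 'iptables %s\n' "$(printf '%s' "$rule" | sed 's/^-A /-D /')"
        fi
    done
    pos=0
    printf '%s\n' "$DESIRED_RULES" | while IFS= read -r rule; do
        pos=$((pos + 1))
        if ! printf '%s\n' "$CURRENT_RULES" | grep -Fxq -e "$rule"; then
            printf 'iptables %s\n' "$(printf '%s' "$rule" | sed "s/^-A INPUT /-I INPUT $pos /")"
        fi
    done
}

echo '## iptables service model (flush, then replay everything):'
flush_and_reload
echo '## firewalld model (apply only the differences):'
apply_differences
```

The choice of -I INPUT <n> over -A for the incremental case is the part worth remembering: appending a new ACCEPT rule places it after the catch-all -j DROP, where it never matches. On a real host the single-rule equivalent of the difference check is the idempotent `iptables -C ... || iptables -I ...` pattern, and a whole-table replacement that avoids the empty-chain gap of -F followed by -A is `iptables-restore`, which swaps in the new table in one operation.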

Another person's copy of the Zhu Shuangyin blog post:
https://blog.csdn.net/armlinuxww/article/details/100764606

The following is from Zhu Shuangyin's blog (unfortunately the original URL is broken):

iptables is not actually the firewall itself; we can think of it as a client-side proxy. Through this proxy, the user's security settings are carried out in the corresponding "security framework", and that "security framework" is the real firewall. The framework's name is netfilter.

netfilter is the real security framework of the firewall; netfilter lives in kernel space.

iptables is really a command-line tool that lives in user space; we use this tool to operate the real framework.

Generally, our applications, i.e. those placed at the application layer, are in user space. Apart from the application layer, all the other layers are in kernel space.

References:
https://blog.csdn.net/armlinuxww/article/details/100764606
https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules#:~:text=To flush a specific chain,sudo iptables -F INPUT
https://juejin.im/post/6844904057241337864
https://www.xiebruce.top/1071.html
https://wangchujiang.com/linux-command/c/iptables.html
https://blog.csdn.net/J080624/article/details/79436569
https://www.jianshu.com/p/ee4ee15d3658
https://www.zsythink.net/archives/1199
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-setting_and_controlling_ip_sets_using_iptables