如何从iptables中删除特定规则? [英] How can I remove specific rules from iptables?

问题描述

我分别在端口8006和8007上托管特殊的HTTP和HTTPS服务.我使用iptables来激活"服务器；即路由传入的HTTP和HTTPS端口:

I am hosting special HTTP and HTTPS services on the ports 8006 and 8007 respectively. I use iptables to "activate" the server; i.e. to route the incoming HTTP and HTTPS ports:

iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8006 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8007 -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8006 
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8007  
iptables -A OUTPUT -t nat -d 127.0.0.1 -p tcp --dport 80 -j REDIRECT --to-ports 8006
iptables -A OUTPUT -t nat -d 127.0.0.1 -p tcp --dport 443 -j REDIRECT --to-ports 8007 

这就像一个护身符.但是，我想创建另一个脚本来再次禁用服务器.也就是说，将iptables恢复到运行上述行之前的状态.但是我很难弄清楚删除这些规则的语法.似乎唯一有效的方法是完全冲洗:

This works like a charm. However I would like to create another script that disables my server again; i.e. restore iptables to the state it was in before running the lines above. However I am having a hard time figuring out the syntax to remove these rules. The only thing that seems to work is a complete flush:

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

但这也会删除其他不希望的iptables规则.

But that will also delete other iptables rules which is undesired.

推荐答案

执行相同的命令，但将"-A"替换为"-D".例如:

Execute the same commands but replace the "-A" with "-D". For example:

iptables -A ...

成为

iptables -D ...

这篇关于如何从iptables中删除特定规则?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！