Cleaning up iptables NAT rules in the PREROUTING chain

2021-01-13 03:46

View the rules

Add -n to show IP addresses and ports in numeric form


iptables --list -t nat -n --line-numbers

Output

Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8090
2 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8100 redir ports 8000

Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

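Find the rule's number in the num column. For example, to delete the first rule in the PREROUTING chain, the delete command is as follows. The remaining rules are renumbered after each deletion, so list them again before deleting another one.

iptables -t nat -D PREROUTING 1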

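Check the saved configuration so the change is not overwritten

If the rules were saved to /etc/sysconfig/iptables, the matching entries in that file must be deleted as well; otherwise the rules return to their previous state after a restart.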

cat /etc/sysconfig/iptables

# Generated by iptables-save v1.4.7 on Fri Mar 23 21:32:20 2018
*nat
:PREROUTING ACCEPT [79030:31830901]
:POSTROUTING ACCEPT [6640:610885]
:OUTPUT ACCEPT [6640:610885]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8090
-A PREROUTING -p tcp -m tcp --dport 8100 -j REDIRECT --to-ports 8000
COMMIT
# Completed on Fri Mar 23 21:32:20 2018
# Generated by iptables-save v1.4.7 on Fri Mar 23 21:32:20 2018
*filter
:INPUT ACCEPT [332:17311]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [437:48131]
-A INPUT -p tcp -m tcp --dport 11234 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8100 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8888 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2183 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2182 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2181 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8050 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 11211 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8090 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
# Completed on Fri Mar 23 21:32:20 2018
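
Added example, not part of the original post: the saved file above contains port 8100 twice, once as a nat PREROUTING REDIRECT and once as a filter INPUT ACCEPT, so removing lines by port number alone would hit the wrong table. The sketch below filters iptables-save text by table, chain and --dport, and also prints the matching delete-by-specification command for the live ruleset. The function names and the shortened sample are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (shortened from the file shown above).
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8090
-A PREROUTING -p tcp -m tcp --dport 8100 -j REDIRECT --to-ports 8000
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 8100 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8090 -j ACCEPT
COMMIT
EOF
}

# match_nat_redirect MODE DPORT (hypothetical helper): reads iptables-save text on stdin.
#   MODE=keep -> print the file without the matching nat PREROUTING REDIRECT rule
#   MODE=del  -> print the equivalent "iptables -t nat -D ..." command
match_nat_redirect() {
    awk -v mode="$1" -v port="$2" '
        /^\*/ { table = substr($0, 2) }      # track the current table: nat, filter, ...
        {
            hit = 0
            if (table == "nat" && $1 == "-A" && $2 == "PREROUTING" && $0 ~ /-j REDIRECT/) {
                for (i = 3; i < NF; i++)
                    if ($i == "--dport" && $(i + 1) == port) hit = 1
            }
            if (mode == "keep" && !hit) print
            if (mode == "del" && hit) { sub(/^-A /, "-D "); print "iptables -t nat " $0 }
        }'
}

strip_nat_redirect() { match_nat_redirect keep "$1"; }
delete_commands()    { match_nat_redirect del "$1"; }

# Demo on the constructed sample: show the command that would remove the 8100 redirect.
sample_rules | delete_commands 8100
```

On a real host, feed it /etc/sysconfig/iptables and review the filtered output before replacing the file.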

Save the rules. This rewrites the /etc/sysconfig/iptables file from the currently loaded configuration.

service iptables save

Restart the iptables service

service iptables restart