简体繁体 English

iptables默认链优先级？

[英]Iptables default chains priority?

原文 2016-09-12 08:49:25 3 1 ubuntu/ iptables/ rpyc

In order to check the RPyC module, I created 2 VM's (Ubuntu and Xubuntu), and tried to communicate between them. 为了检查RPyC模块，我创建了2个VM（Ubuntu和Xubuntu），并尝试在它们之间进行通信。 At first, I ran the RPyC server on the ubuntu VM , and connected from the Xubuntu VM . 首先，我在ubuntu VM上运行RPyC服务器，并从Xubuntu VM进行连接。 Went well! 顺利！

Then, I switched between them. 然后，我在它们之间切换。 I ran the server on the Xubuntu VM this time, and tried to connect from the Ubuntu VM . 这次我在Xubuntu VM上运行服务器，并尝试从Ubuntu VM连接。 I've got a "No route to host" message. 我收到“没有通往主机的路线”消息。

The first thing I though is to try the firewall. 我的第一件事就是尝试防火墙。 When i shut down the firewall, I managed to connect, so I tried to look at the Iptables rules-list in the machine. 当我关闭防火墙时，我设法进行连接，因此我尝试查看计算机中的Iptables规则列表。

The INPUT chain in the iptables had bunch of different rules, where all of them, except from one was ACCEPT , when the first one was ACCEPT all . iptables中的INPUT链具有许多不同的规则，其中所有规则，除了其中一个是ACCEPT ，而第一个是ACCEPT all时 。 The last one was REJECT all (don't ask why, it wasn't my configuration). 最后一个是全部拒绝 （不要问为什么，这不是我的配置）。

I tried to delete the rules one by one until I was able to connect, and when I deleted the last one, the REJECT all , I was able to connect. 我尝试一个接一个地删除规则，直到能够连接为止，然后删除最后一个规则，即REJECT all ，就可以连接了。

My question is- why, although it was the last rule in the chain list, the REJECT all overrides the ACCEPT all rule? 我的问题是-为什么，尽管这是链表中的最后一条规则，但全部拒绝都覆盖全部接受规则？ is there any prioritise of the default Iptables CHAINS? 默认的Iptables链有什么优先级？

Thanks in advance, 提前致谢，

Idan 伊丹

1 个解决方案

Indeed, rules are read from top to bottom. 确实，规则是从上至下阅读的。 Could you try to explicitly append the rules you want at the top? 您能否尝试将想要的规则附加到顶部？ For example for ssh: 例如ssh：

/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT / sbin / iptables -A输入-p tcp --dport 22 -j接受

/sbin/iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT / sbin / iptables -A输出-p tcp --sport 22 -j接受