简释iptables防火墙

-A PREROUTING –p udp --dport 53 –j ACCEPT

-A PREROUTING –p tcp --dport 22 –j ACCEPT

-A PREROUTING –p tcp --dport 1863 –j ACCEPT

-A PREROUTING –p tcp --dport 443 –j ACCEPT

-A PREROUTING –p tcp --dport 8000 –j ACCEPT

-A PREROUTING –p udp --dport 8000 –j ACCEPT

-A PREROUTING –p udp --dport 4000 –j ACCEPT

-A PREROUTING –p tcp --dport 110 –j ACCEPT

-A PREROUTING –p tcp --dport 25 –j ACCEPT

-A POSTROUTING –s 192.168.5.0/24 –j SNAT –to 218.100.100.111

-A POSTROUTING –o eth1 –s 0/0 –j SNAT –to 192.168.5.1

-L –v

COMMIT

################################################

*filter

##############################

:INPUT DROP [0:0]

:FORWARD DROP [0:0]

:OUTPUT DROP [0:0]

##############################

-F

-Z

-X

-A INPUT –p tcp --dport 22 –j ACCEPT

-A OUTPUT –p tcp --sport 22 –j ACCEPT

-A FORWARD –p tcp --dport 80 –j ACCEPT

-A FORWARD –p tcp --sport 80 –j ACCEPT

-A FORWARD –p udp --dport 53 –j ACCEPT

-A FORWARD –p udp --sport 53 –j ACCEPT

-A FORWARD –p tcp --dport 1863 –j ACCEPT

-A FORWARD –p tcp --sport 1863 –j ACCEPT

-A FORWARD –p tcp --dport 443 –j ACCEPT

-A FORWARD –p tcp --sport 443 –j ACCEPT

-A FORWARD –p tcp --dport 8000 –j ACCEPT

-A FORWARD –p tcp --sport 8000 –j ACCEPT

-A FORWARD –p udp --dport 8000 –j ACCEPT

-A FORWARD –p udp --sport 8000 –j ACCEPT

-A FORWARD –p udp --dport 4000 –j ACCEPT

-A FORWARD –p udp --sport 4000 –j ACCEPT

-A FORWARD –p tcp --dport 110 –j ACCEPT

-A FORWARD –p tcp --sport 110 –j ACCEPT

-A FORWARD –p tcp --dport 25 –j ACCEPT

-A FORWARD –p tcp --sport 25 –j ACCEPT

-L –v

COMMIT

##########################################################################

7、 其它注意事项

1)在使用iptables防火墙之前，必须先打开IP转发功能。

# echo “1” > /proc/sys/net/ipv4/ip_forward

2)以上内容（第6步生成的内容）保存到 /etc/sysconfig/iptables文件中。

3）每修改一次iptables文件后，都要重启iptalbes

# service iptables restart

以上就是我对iptables的初浅理解，里面的语句已在RedHat 9.0上测试通过。