This topic created in 3281 days ago, the information mentioned may be changed or developed.
这两种写法,最终结果是否相同?
第一种:
-A INPUT -p udp --dport 10000:65000 -j ACCEPT
-A INPUT -p tcp --dport 16666:20000 -j ACCEPT
第二种:
-A INPUT -p udp -m udp --dport 10000:65000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 16666:20000 -j ACCEPT
在网上找了一堆资料,也没看明白是什么意思,求高人指点一下,两者有没有什么不同,执行的结果是不是一样的?
3 replies • 2017-06-04 08:08:47 +08:00
 |
|
1
auser Jun 3, 2017
网上找资料不如读文档。
iptables-extensions(8) iptables 1.6.0 iptables-extensions(8)
NAME
iptables-extensions — list of extensions in the standard iptables distribution
SYNOPSIS
ip6tables [-m name [module-options...]] [-j target-name [target-options...]
iptables [-m name [module-options...]] [-j target-name [target-options...]
MATCH EXTENSIONS
iptables can use extended packet matching modules with the -m or --match options, followed by the matching module name; after these, various extra command line options become available, depending on the specific module. You can specify multiple extended match modules in one line, and you can use the -h or --help options after the module has been specified to receive help specific to that module. The extended match modules are evaluated in the order they are specified in the rule.
--------------------------
If the -p or --protocol was specified and if and only if an unknown option is encountered, iptables will try load a match module of the same name as the protocol, to try making the option available.
--------------------------
tcp
These extensions can be used if `--protocol tcp' is specified. It provides the following options:
udp
These extensions can be used if `--protocol udp' is specified. It provides the following options:
|
 |
|
2
ryd994 Jun 4, 2017
一样
-p udp 会自动加载 -m udp
如果你用 iptables-save 导出看就是一样的
|
Select Language