How to remove iptables NAT POSTROUTING rules

When I list the rules I can only see the INPUT, FORWARD and OUTPUT rules:
[code]
[root@cn-u-web1 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
8283M 1271G ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
153K 7918K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 ACCEPT udp -- eth0 * 192.168.3.137 0.0.0.0/0 udp dpt:161
0 0 ACCEPT udp -- eth0 * 192.168.3.138 0.0.0.0/0 udp dpt:161
14361 634K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
4224K 291M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
3748M 253G ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0
22G 23T ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
52M 19G DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 39G packets, 3877G bytes)
pkts bytes target prot opt in out source destination
[/code]
How can I view the NAT rules and then delete them?

空心菜 - Facing the sunshine, growing strong

Upvoted by: 小白菜

This is very simple. First you need to list the firewall rules in the nat table:
[code]
[root@Thost crh]# iptables -t nat -L -n --line-numbers
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 10.3.0.0/16 !10.3.0.0/16

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
[/code]
As shown above, I have set one POSTROUTING rule in the nat table; its rule number (num) is 1.

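Determine which rule you want to delete and find its position; each rule is prefixed with a sequence number (num). Then delete it as follows:
[code]iptables -t nat -D POSTROUTING 1[/code]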
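
An added example, not part of the original answer: rule numbers shift after every deletion, so on a chain with several rules it is safer to delete by rule specification than by number. The helper below (`gen_delete_cmds` is a hypothetical name, and the sample rules are constructed) turns `iptables -t nat -S POSTROUTING` output into `-D` commands you can review before running.

```sh
#!/bin/sh
# Added example: build "iptables -D <rule-spec>" commands from `iptables -S`
# output, so a rule is removed by its specification instead of by a line
# number that changes whenever another rule is inserted or deleted.

# Constructed sample of `iptables -t nat -S POSTROUTING` output.
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.3.0.0/16 ! -d 10.3.0.0/16 -j MASQUERADE
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE'

# gen_delete_cmds TABLE CHAIN PATTERN
# Reads `iptables -S` lines on stdin and prints one delete command for each
# "-A CHAIN ..." rule containing the fixed string PATTERN. Policy lines (-P)
# and rules of other chains are ignored. Nothing is executed here.
gen_delete_cmds() {
    gd_table=$1
    gd_chain=$2
    gd_pattern=$3
    while IFS= read -r gd_line || [ -n "$gd_line" ]; do
        case $gd_line in
            "-A $gd_chain "*"$gd_pattern"*)
                # "-A CHAIN spec" becomes "-D CHAIN spec"
                printf 'iptables -t %s -D %s\n' "$gd_table" "${gd_line#-A }"
                ;;
        esac
    done
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | gen_delete_cmds nat POSTROUTING 10.3.0.0/16

# On a live host (as root), back up first, review, then apply:
#   iptables-save > /root/iptables.backup
#   iptables -t nat -S POSTROUTING | gen_delete_cmds nat POSTROUTING 10.3.0.0/16
#   iptables -t nat -S POSTROUTING | gen_delete_cmds nat POSTROUTING 10.3.0.0/16 | sh
```

If a deletion turns out to be wrong, `iptables-restore < /root/iptables.backup` reloads the saved rule set.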
