内容简介:下面是Centos7 默认的iptables-config 配置
下面是Centos7 默认的iptables-config 配置
# Load additional iptables modules (nat helpers) # Default: -none- # Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which # are loaded after the firewall rules are applied. Options for the helpers are # stored in /etc/modprobe.conf. # 每次防火墙规则应用以后加载的模块,可以指定多个,以空格分开 IPTABLES_MODULES="" # Unload modules on restart and stop # Value: yes|no, default: yes # This option has to be 'yes' to get to a sane state for a firewall # restart or stop. Only set to 'no' if there are problems unloading netfilter # modules. # 在重新启动和停止iptables模块时,是否卸载此模块 IPTABLES_MODULES_UNLOAD="yes" # Save current firewall rules on stop. # Value: yes|no, default: no # Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped # (e.g. on system shutdown). # 当防火墙停止时,是否保存当前防火墙规则到iptables文件,默认不保存 IPTABLES_SAVE_ON_STOP="no" # Save current firewall rules on restart. # Value: yes|no, default: no # Saves all firewall rules to /etc/sysconfig/iptables if firewall gets # restarted. # 当防火墙重启时,是否保存当前防火墙规则到iptables文件,默认不保存 IPTABLES_SAVE_ON_RESTART="no" # Save (and restore) rule and chain counter. # Value: yes|no, default: no # Save counters for rules and chains to /etc/sysconfig/iptables if # 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or # SAVE_ON_RESTART is enabled. # 重启时是否保存并恢复所有chain和规则中的数据包和字节计数器,默认否 IPTABLES_SAVE_COUNTER="no" # Numeric status output # Value: yes|no, default: yes # Print IP addresses and port numbers in numeric format in the status output. # 输出的IP地址是数字的格式,而不是域名和主机名的形式,yes:(默认值)在状态输出中只包括IP地址,no:在状态输出中返回域名或主机名 IPTABLES_STATUS_NUMERIC="yes" # Verbose status output # Value: yes|no, default: yes # Print info about the number of packets and bytes plus the "input-" and # "outputdevice" in the status output. # 输出iptables状态时,是否包含输入输出设备,默认是 IPTABLES_STATUS_VERBOSE="no" # Status output with numbered lines # Value: yes|no, default: yes # Print a counter/number for every rule in the status output. # 输出iptables状态时,是否同时输出每条规则的匹配数,默认是 IPTABLES_STATUS_LINENUMBERS="yes" # Reload sysctl settings on start and restart # Default: -none- # Space separated list of sysctl items which are to be reloaded on start. # List items will be matched by fgrep. # 在启动和重新启动时重新加载sysctl设置,指定配置文件 #IPTABLES_SYSCTL_LOAD_LIST=".nf_conntrack .bridge-nf" # Set wait option for iptables-restore calls in seconds # Default: 600 # Set to 0 to deactivate the wait. # 装载由iptables-save保存的规则集的等待时间,默认600秒,设置为0表示不等待 #IPTABLES_RESTORE_WAIT=600 # Set wait interval option for iptables-restore calls in microseconds # Default: 1000000 # Set to 100000 to try to get the lock every 100000 microseconds, 10 times a # second. # Only usable with IPTABLES_RESTORE_WAIT > 0 # 和上面一样,但单位是微秒 #IPTABLES_RESTORE_WAIT_INTERVAL=1000000
以上所述就是小编给大家介绍的《Centos iptables-config 配置参数说明》,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对 码农网 的支持!
猜你喜欢:
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
