iptables规则的关系

iptables规则的关系,是自上而下进行过虑的。所以添加规则时，要通过文件进行添加，这样的话，可以控制其顺序。A机器：[root@www ~]# netstat -an | grep 6100tcp 0 0 0.0.0.0:6100 0.0.0.0:* LISTEN tcp 0 0 192.168.5.140:6100 192.168.4.199:60194 ESTABLISHED tcp 0 0 192.168.5.140:6100 192.168.4.199:60196 ESTABLISHED tcp 0 0 192.168.5.140:6100 192.168.4.199:60193 ESTABLISHED tcp 0 0 192.168.5.140:6100 192.168.4.199:60195 ESTABLISHED 然则：B机器：[root@www ~]# telnet 192.168.5.140 5432Trying 192.168.5.140...Connected to 192.168.5.140.Escape character is '^]'.^CConnection closed by foreign host原因是：[root@www ~]# more /etc/sysconfig/iptables-A INPUT -j REJECT --reject-with icmp-host-PRohibited注：问题就出在这时，上面这个规则阻挡了下面的规则的执行-A INPUT -p tcp -m state --state NEW -m tcp --dport 6100 -j ACCEPT 所以调整如下：[root@www ~]# more /etc/sysconfig/iptables-A INPUT -p tcp -m state --state NEW -m tcp --dport 6100 -j ACCEPT-A INPUT -j REJECT --reject-with icmp-host-prohibited这样的话：[root@www ~]# telnet 192.168.5.140 6100Trying 192.168.5.140...Connected to 192.168.5.140.Escape character is '^]'.Connection closed by foreign host.