Centos iptables-config 配置參數說明

時間 2019-11-16

標籤 centos iptables config 配置參數說明欄目 CentOS 简体版

原文原文鏈接

下面是Centos7 默認的iptables-config 配置app

# Load additional iptables modules (nat helpers)
#   Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modprobe.conf.
# 每次防火牆規則應用之後加載的模塊,能夠指定多個，以空格分開
IPTABLES_MODULES=""

# Unload modules on restart and stop
#   Value: yes|no,  default: yes
# This option has to be 'yes' to get to a sane state for a firewall
# restart or stop. Only set to 'no' if there are problems unloading netfilter
# modules.
# 在從新啓動和中止iptables模塊時，是否卸載此模塊
IPTABLES_MODULES_UNLOAD="yes"

# Save current firewall rules on stop.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
# 當防火牆中止時，是否保存當前防火牆規則到iptables文件，默認不保存
IPTABLES_SAVE_ON_STOP="no"

# Save current firewall rules on restart.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
# 當防火牆重啓時，是否保存當前防火牆規則到iptables文件，默認不保存
IPTABLES_SAVE_ON_RESTART="no"

# Save (and restore) rule and chain counter.
#   Value: yes|no,  default: no
# Save counters for rules and chains to /etc/sysconfig/iptables if
# 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or
# SAVE_ON_RESTART is enabled.
# 重啓時是否保存並恢復全部chain和規則中的數據包和字節計數器，默認否
IPTABLES_SAVE_COUNTER="no"

# Numeric status output
#   Value: yes|no,  default: yes
# Print IP addresses and port numbers in numeric format in the status output.
# 輸出的IP地址是數字的格式，而不是域名和主機名的形式，yes：（默認值）在狀態輸出中只包括IP地址，no：在狀態輸出中返回域名或主機名
IPTABLES_STATUS_NUMERIC="yes"

# Verbose status output
#   Value: yes|no,  default: yes
# Print info about the number of packets and bytes plus the "input-" and
# "outputdevice" in the status output.
# 輸出iptables狀態時，是否包含輸入輸出設備，默認是
IPTABLES_STATUS_VERBOSE="no"

# Status output with numbered lines
#   Value: yes|no,  default: yes
# Print a counter/number for every rule in the status output.
# 輸出iptables狀態時，是否同時輸出每條規則的匹配數，默認是
IPTABLES_STATUS_LINENUMBERS="yes"

# Reload sysctl settings on start and restart
#   Default: -none-
# Space separated list of sysctl items which are to be reloaded on start.
# List items will be matched by fgrep.
# 在啓動和從新啓動時從新加載sysctl設置，指定配置文件
#IPTABLES_SYSCTL_LOAD_LIST=".nf_conntrack .bridge-nf"

# Set wait option for iptables-restore calls in seconds
#   Default: 600
# Set to 0 to deactivate the wait.
# 裝載由iptables-save保存的規則集的等待時間，默認600秒，設置爲0表示不等待
#IPTABLES_RESTORE_WAIT=600

# Set wait interval option for iptables-restore calls in microseconds
#   Default: 1000000
# Set to 100000 to try to get the lock every 100000 microseconds, 10 times a
# second.
# Only usable with IPTABLES_RESTORE_WAIT > 0
# 和上面同樣，但單位是微秒
#IPTABLES_RESTORE_WAIT_INTERVAL=1000000