然后 save 一下,再调整一下规则的顺序(iptables 按从上到下的顺序匹配,新加的 ACCEPT 规则必须排在最后那条 REJECT 之前才会生效),最后重新 reload 一下
[root@pptp-server ~]# /etc/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@pptp-server ~]# vim /etc/sysconfig/iptables
[root@pptp-server ~]# /etc/init.d/iptables reload
iptables: Trying to reload firewall rules: [ OK ]
[root@pptp-server ~]#
不过我习惯直接到 /etc/sysconfig/iptables 进行修改,检查无误后直接 reload(远程操作时要确认放行 22 端口的规则仍排在 REJECT 之前,否则 reload 之后新的 SSH 连接会被拒绝)
[root@pptp-server ~]# vim /etc/sysconfig/iptables
[root@pptp-server ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Tue Aug 25 00:02:45 2015
# Ruleset for the PPTP server host: the filter table controls what may reach
# the host itself, the nat table source-NATs the 192.168.123.0/24 network out
# of eth0. Rules are evaluated top to bottom and the first match wins, so the
# order of the -A lines below is significant.
*filter
# Chain policies, each followed by [packets:bytes] counters.
# INPUT's policy is ACCEPT, but the final REJECT rule in this chain catches
# everything not accepted earlier, so the effective default for inbound
# traffic is "reject".
:INPUT ACCEPT [0:0]
# NOTE(review): FORWARD policy is ACCEPT and this table contains no
# -A FORWARD rules, so every packet the kernel routes through this host is
# allowed by the filter table. Consider limiting forwarding to traffic from
# 192.168.123.0/24 plus RELATED,ESTABLISHED replies - confirm against the
# intended VPN topology.
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1081:165593]
# Allow packets that belong to, or are related to, already-tracked connections.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow every ICMP type from any source (no --icmp-type restriction).
-A INPUT -p icmp -j ACCEPT
# Allow all traffic arriving on the loopback interface.
-A INPUT -i lo -j ACCEPT
# Allow GRE from any source; PPTP carries its tunnelled data over GRE.
-A INPUT -p gre -j ACCEPT
# Allow TCP 1723 (PPTP control channel) from any source.
# NOTE(review): PPTP setups typically rely on MS-CHAPv2/MPPE, which is widely
# regarded as weak; the authentication config is not shown here - confirm.
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
# Allow new SSH connections (TCP 22) from any source address.
# NOTE(review): no -s restriction; consider limiting SSH to known admin
# addresses if the management sources are fixed.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# Catch-all: reject anything not accepted above with ICMP host-prohibited.
# Any ACCEPT rule placed after this line never matches.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Tue Aug 25 00:02:45 2015
# Generated by iptables-save v1.4.7 on Tue Aug 25 00:02:45 2015
*nat
:PREROUTING ACCEPT [79:4384]
:POSTROUTING ACCEPT [4:250]
:OUTPUT ACCEPT [4:250]
# Source-NAT packets from 192.168.123.0/24 leaving via eth0 to eth0's address.
# Presumably 192.168.123.0/24 is the PPTP client address pool - verify against
# the pptpd configuration, which is not shown here.
-A POSTROUTING -s 192.168.123.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Aug 25 00:02:45 2015
[root@pptp-server ~]# /etc/init.d/iptables reload
iptables: Trying to reload firewall rules: [ OK ]
[root@pptp-server ~]#