iptables - How to read iptables TRACE logs (policy number)

Tags: iptables trace policy

So I added
sudo iptables -t raw -A PREROUTING -p tcp --dport 25 -j TRACE

sudo iptables -t raw -A OUTPUT -p tcp --dport 25 -j TRACE
When I search the syslog for TRACE, I get output like the following:

Jan 19 09:14:46 dev109 kernel: [29067248.683235] TRACE: raw:OUTPUT:rule:2 IN= OUT=eth0  ...
Jan 19 09:14:46 dev109 kernel: [29067248.683244] TRACE: raw:OUTPUT:policy:5 IN= OUT=eth0 ...
Jan 19 09:14:46 dev109 kernel: [29067248.683254] TRACE: mangle:OUTPUT:policy:1 IN= OUT=eth0 ...
Jan 19 09:14:46 dev109 kernel: [29067248.683262] TRACE: filter:OUTPUT:policy:1 ...
Jan 19 09:14:46 dev109 kernel: [29067248.683269] TRACE: mangle:POSTROUTING:policy:1 ...
Jan 19 09:14:46 dev109 kernel: [29067248.683432] TRACE: raw:OUTPUT:rule:4 IN= OUT=eth0 ...
Jan 19 09:14:46 dev109 kernel: [29067248.683441] TRACE: raw:OUTPUT:policy:5 IN= OUT=eth0 ...

I am trying to understand what the policy number refers to. Is policy:1 == ACCEPT? If so, what does policy:5 mean?

Best answer

policy:1 is type:rulenum. Or, put another way, type="policy" and rulenum=1.

Read this carefully. Specifically:

TRACE This target marks packets so that the kernel will log every rule which match the packets as those traverse the tables, chains, rules. (The ipt_LOG or ip6t_LOG module is required for the logging.) The packets are logged with the string prefix:

"TRACE: tablename:chainname:type:rulenum " where type can be "rule" for plain rule, "return" for implicit rule at the end of a user defined chain and "policy" for the policy of the built in chains. It can only be used in the raw table.



Now let's take one prefix from the question, TRACE: mangle:OUTPUT:policy:1, and apply what we have learned:
tablename = mangle
chainname = OUTPUT
type      = policy
rulenum   = 1
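
The same field split applied to every line of the question's log, as an added example (not part of the original question or answer). The names TraceHit, parse_trace and split_traversals are made up for this sketch, and grouping lines into per-packet paths is a heuristic assumption explained in the code.

```python
import re
from typing import NamedTuple, Optional

# Prefix format quoted in the answer: "TRACE: tablename:chainname:type:rulenum "
TRACE_RE = re.compile(
    r"TRACE: (?P<table>[a-z]+):(?P<chain>[^:\s]+):"
    r"(?P<type>rule|return|policy):(?P<rulenum>\d+)\s"
)

class TraceHit(NamedTuple):
    table: str
    chain: str
    type: str      # "rule", "return" or "policy"
    rulenum: int

def parse_trace(line: str) -> Optional[TraceHit]:
    """Return the TRACE prefix fields of one syslog line, or None if absent."""
    m = TRACE_RE.search(line)
    return TraceHit(m["table"], m["chain"], m["type"], int(m["rulenum"])) if m else None

def split_traversals(lines):
    """Group hits into per-packet paths.

    Heuristic (assumption of this example): TRACE can only be set in the raw
    table, so a raw hit that follows a non-raw hit starts a new packet.
    Interleaved packets would need the fields the question's lines elide.
    """
    paths, prev = [], None
    for hit in filter(None, map(parse_trace, lines)):
        if prev is None or (hit.table == "raw" and prev.table != "raw"):
            paths.append([])
        paths[-1].append(hit)
        prev = hit
    return paths

# Log lines copied from the question (everything after the prefix is elided there).
SAMPLE = """\
Jan 19 09:14:46 dev109 kernel: [29067248.683235] TRACE: raw:OUTPUT:rule:2 IN= OUT=eth0  ...
Jan 19 09:14:46 dev109 kernel: [29067248.683244] TRACE: raw:OUTPUT:policy:5 IN= OUT=eth0 ...
Jan 19 09:14:46 dev109 kernel: [29067248.683254] TRACE: mangle:OUTPUT:policy:1 IN= OUT=eth0 ...
Jan 19 09:14:46 dev109 kernel: [29067248.683262] TRACE: filter:OUTPUT:policy:1 ...
Jan 19 09:14:46 dev109 kernel: [29067248.683269] TRACE: mangle:POSTROUTING:policy:1 ...
Jan 19 09:14:46 dev109 kernel: [29067248.683432] TRACE: raw:OUTPUT:rule:4 IN= OUT=eth0 ...
Jan 19 09:14:46 dev109 kernel: [29067248.683441] TRACE: raw:OUTPUT:policy:5 IN= OUT=eth0 ...
""".splitlines()

if __name__ == "__main__":
    for n, path in enumerate(split_traversals(SAMPLE), 1):
        print(f"packet {n}:", " -> ".join(
            f"{h.table}:{h.chain} {h.type} #{h.rulenum}" for h in path))
```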

Regarding iptables - How to read iptables TRACE logs (policy number), we found a similar question on Stack Overflow: https://stackoverflow.com/questions/41748330/