[问题求助]请问iptables rule 与 eth* 的对应关系？？？ [复制链接]

Ipt.ables rule规则如下：    健康
---------.--------------------------------------.-------------------------------.-------------------.
iptables -P I.NPUT DROP虚拟主机
iptables -A INPUT .-i lo. -j ACCEPT服务器
iptables -A INPUT -i eth0 .-j .ACCEPT    美容
iptab.les -A INPUT -i et.h1 -j ACCEPT教育
iptables. -A INPUT -i eth2. -j ACCEPT域名
iptables -A INPUT -.i .eth3 -m state --state ESTABLISHED,RELATED -j ACCEPT(广告)
----------------------.---------------------.------------------------------------------------.------域名

i.ptables -L 显示 INPUT Chain 如下：..
---------------------------------------.--------.----------------------------------.----------------           女人
Chain .INPUT (policy DROP)          婚庆
target     .prot opt .source               destination         .
ACCEPT     a.ll  --  anywhere .            anywhere            
ACCEPT  .   all  --  anywhere        .     anywhere            .
ACCEP.T     all  --  anywhere        .     anywhere.            state RELATED,ESTABLISHED .
ACCEPT     all  --  anywhere             an.ywhere         .   <性病>
ACCEPT.    . all  --  anywhere             anywhere                        杀毒
----.----------------------------------------------------------------.----------------.-------------电脑
我很疑惑，请问Chain t.able 没有显示rule .和哪块网卡对应啊?            女人
i.ptables --help 也找不到有效参数。域名
还是我的这种想法有问题？？
请指点！！！！

QUOTE:我很疑惑，请问Chain table 没有显示rule 和哪块网卡对应啊?
iptables --help 也找不到有效参数。
还是我的这种想法有问题？？
请指点！！！！


QUOTE:# iptables --help
iptables v1.3.7

Usage: iptables -[AD] chain rule-specification [options]
       iptables -[RI] chain rulenum rule-specification [options]
       iptables -D chain rulenum [options]
       iptables -[LFZ] [chain] [options]
       iptables -[NX] chain
       iptables -E old-chain-name new-chain-name
       iptables -P chain target [options]
       iptables -h (print this help information)

Commands:
Either long or short options are allowed.
  --append  -A chain            Append to chain
  --delete  -D chain            Delete matching rule from chain
  --delete  -D chain rulenum
                                Delete rule rulenum (1 = first) from chain
  --insert  -I chain [rulenum]
                                Insert in chain as rulenum (default 1=first)
  --replace -R chain rulenum
                                Replace rule rulenum (1 = first) in chain
  --list    -L [chain]          List the rules in a chain or all chains
  --flush   -F [chain]          Delete all rules in  chain or all chains
  --zero    -Z [chain]          Zero counters in chain or all chains
  --new     -N chain            Create a new user-defined chain
  --delete-chain
            -X [chain]          Delete a user-defined chain
  --policy  -P chain target
                                Change policy on chain to target
  --rename-chain
            -E old-chain new-chain
                                Change chain name, (moving any references)
Options:
  --proto       -p [!] proto    protocol: by number or name, eg. `tcp'
  --source      -s [!] address[/mask]
                                source specification
  --destination -d [!] address[/mask]
                                destination specification
  --in-interface -i [!] input name[+]
                                network interface name ([+] for wildcard)
  --jump        -j target
                                target for rule (may load target extension)
  --goto        -g chain
                                jump to chain with no return
  --match       -m match
                                extended match (may load extension)
  --numeric     -n              numeric output of addresses and ports
  --out-interface -o [!] output name[+]
                                network interface name ([+] for wildcard)
  --table       -t table        table to manipulate (default: `filter')
  --verbose     -v              verbose mode
  --line-numbers                print line numbers when listing
  --exact       -x              expand numbers (display exact values)
[!] --fragment  -f              match second or further fragments only
  --modprobe=<command>          try to insert modules using this command
  --set-counters PKTS BYTES     set the counter during insert/append
[!] --version   -V              print package version.
root@PT_LINUX ~
#


QUOTE:# man iptables
       -v, --verbose
              Verbose  output.   This  option  makes the list command show the
              interface name, the rule options (if any), and  the  TOS  masks.
              The  packet  and  byte counters are also listed, with the suffix
              'K', 'M' or 'G' for 1000, 1,000,000 and 1,000,000,000  multipli-
              ers  respectively  (but  see  the  -x flag to change this).  For
              appending, insertion,  deletion  and  replacement,  this  causes
              detailed information on the rule or rules to be printed.


[ 本帖最后由 platinum 于 2007-8-10 08:59 编辑 ]

呵呵，这种问题应该放在“新手问题”，符合我新手的身份！！！

考验你悟性。
关键的话一句就足够了。废话10000句也解决不了问题。