Some of these changes are a result of kernel changes, and some are a result of ipchains being different from ipfwadm.
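input instead of -I).
The -k option has vanished: use ! -y.
The -b option actually inserts/appends/deletes two rules, rather than a single "bidirectional" rule.
The -b option can be passed to -C to do two checks (one in each direction).
The -x option to -l has been replaced by -v.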
[ Mainly, command arguments are UPPER CASE, and option arguments are lower case ]
One thing to note: masquerading is specified by -j MASQ; it is completely different from -j ACCEPT, and, unlike in ipfwadm, it is not treated as merely a side effect.
================================================================
| ipfwadm      | ipchains                | Notes
----------------------------------------------------------------
| -A [both]    | -N acct                 | Create an `acct' chain
|              |& -I 1 input -j acct     | and have output and input
|              |& -I 1 output -j acct    | packets traverse it.
|              |& acct                   |
----------------------------------------------------------------
| -A in        | input                   | A rule with no target
----------------------------------------------------------------
| -A out       | output                  | A rule with no target
----------------------------------------------------------------
| -F           | forward                 | Use this as [chain].
----------------------------------------------------------------
| -I           | input                   | Use this as [chain].
----------------------------------------------------------------
| -O           | output                  | Use this as [chain].
----------------------------------------------------------------
| -M -l        | -M -L                   |
----------------------------------------------------------------
| -M -s        | -M -S                   |
----------------------------------------------------------------
| -a policy    | -A [chain] -j POLICY    | (but see -r and -m).
----------------------------------------------------------------
| -d policy    | -D [chain] -j POLICY    | (but see -r and -m).
----------------------------------------------------------------
| -i policy    | -I 1 [chain] -j POLICY  | (but see -r and -m).
----------------------------------------------------------------
| -l           | -L                      |
----------------------------------------------------------------
| -z           | -Z                      |
----------------------------------------------------------------
| -f           | -F                      |
----------------------------------------------------------------
| -p           | -P                      |
----------------------------------------------------------------
| -c           | -C                      |
----------------------------------------------------------------
| -P           | -p                      |
----------------------------------------------------------------
| -S           | -s                      | Only takes one port or
|              |                         | range, not multiples.
----------------------------------------------------------------
| -D           | -d                      | Only takes one port or
|              |                         | range, not multiples.
----------------------------------------------------------------
| -V           | <none>                  | Use -i [name].
----------------------------------------------------------------
| -W           | -i                      |
----------------------------------------------------------------
| -b           | -b                      | Now actually makes 2 rules.
----------------------------------------------------------------
| -e           | -v                      |
----------------------------------------------------------------
| -k           | ! -y                    | Doesn't work unless
|              |                         | -p tcp also specified.
----------------------------------------------------------------
| -m           | -j MASQ                 |
----------------------------------------------------------------
| -n           | -n                      |
----------------------------------------------------------------
| -o           | -l                      |
----------------------------------------------------------------
| -r [redirpt] | -j REDIRECT [redirpt]   |
----------------------------------------------------------------
| -t           | -t                      |
----------------------------------------------------------------
| -v           | -v                      |
----------------------------------------------------------------
| -x           | -x                      |
----------------------------------------------------------------
| -y           | -y                      | Doesn't work unless
|              |                         | -p tcp also specified.
----------------------------------------------------------------
Old command: ipfwadm -F -p deny
New command: ipchains -P forward DENY
Old command: ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0
New command: ipchains -A forward -j MASQ -s 192.168.0.0/24 -d 0.0.0.0/0
Old command: ipfwadm -I -a accept -V 10.1.2.1 -S 10.0.0.0/8 -D 0.0.0.0/0
New command: ipchains -A input -j ACCEPT -i eth0 -s 10.0.0.0/8 -d 0.0.0.0/0
(Note that there is no equivalent for specifying interfaces by address: use the interface name. On this machine, 10.1.2.1 corresponds to eth0.)
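
The mapping above can be applied mechanically when migrating an old rule set. The following is an added example, not code from ipchains or from the original document: a small translator that reproduces the three conversions shown above and goes slightly beyond them by enforcing the table's notes (-k/-y need -p tcp, -S/-D take one port or range, -V needs an interface name). The function name translate and the ifaces address-to-name mapping are assumptions; only the -a, -d and -p commands are handled, and anything else is rejected rather than guessed.

```python
import shlex

CHAINS = {"-I": "input", "-O": "output", "-F": "forward"}   # category flag -> chain name
RULE_CMDS = {"-a": "-A", "-d": "-D"}                          # append / delete a rule
FLAGS = {"-o": ["-l"], "-e": ["-v"], "-n": ["-n"], "-b": ["-b"],
         "-y": ["-y"], "-k": ["!", "-y"]}                     # options that take no value

def translate(cmd, ifaces=None):
    """Translate one ipfwadm command; raise ValueError instead of guessing.

    ifaces (assumed helper input) maps a local address to its interface name.
    """
    tok = shlex.split(cmd)
    if (len(tok) < 4 or tok[0] != "ipfwadm" or tok[1] not in CHAINS
            or tok[3].startswith("-")):
        raise ValueError("expected: ipfwadm -I|-O|-F <command> <policy> [options]")
    chain, op, policy, rest = CHAINS[tok[1]], tok[2], tok[3], tok[4:]
    target = "MASQ" if policy == "m" else policy.upper()      # "m" as in the page's example
    if op == "-p" and not rest:                               # default policy of a chain
        return f"ipchains -P {chain} {target}"
    if op not in RULE_CMDS:
        raise ValueError(f"unsupported command: {op}")
    out, proto, i = ["ipchains", RULE_CMDS[op], chain, "-j", target], None, 0
    while i < len(rest):
        opt, vals, i = rest[i], [], i + 1
        while i < len(rest) and not rest[i].startswith("-"):  # values of this option
            vals.append(rest[i])
            i += 1
        if opt in FLAGS and not vals:
            out += FLAGS[opt]
        elif opt == "-m" and not vals:                        # masquerading is a target now
            out[4] = "MASQ"
        elif opt in ("-S", "-D") and len(vals) in (1, 2):     # address [port-or-range]
            out += [opt.lower()] + vals
        elif opt in ("-S", "-D") and len(vals) > 2:
            raise ValueError(f"{opt}: only one port or range, not multiples")
        elif opt == "-P" and len(vals) == 1:
            proto = vals[0]
            out += ["-p", proto]
        elif opt == "-W" and len(vals) == 1:
            out += ["-i", vals[0]]
        elif opt == "-V" and len(vals) == 1 and vals[0] in (ifaces or {}):
            out += ["-i", ifaces[vals[0]]]                    # no by-address form exists
        else:
            raise ValueError(f"unsupported or malformed option: {opt} {vals}")
    if "-y" in out and proto != "tcp":
        raise ValueError("-y and ! -y do not work unless -p tcp is also specified")
    return " ".join(out)
```

Review every translated rule by hand before loading it: -b now creates two rules, so a later delete or check behaves differently than it did under ipfwadm.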