[root@localhost ~]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.202.130 netmask 255.255.255.0 broadcast 192.168.202.255
inet6 fe80::20c:29ff:feff:458f prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ff:45:8f txqueuelen 1000 (Ethernet)
RX packets 3131 bytes 295354 (288.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 345 bytes 37930 (37.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ff:45:8f brd ff:ff:ff:ff:ff:ff
inet 192.168.202.130/24 brd 192.168.202.255 scope global eno16777736
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feff:458f/64 scope link
valid_lft forever preferred_lft forever
[root@localhost ~]#
[root@localhost ~]# ifdown eno16777736 && ifup eno16777736 //关闭网卡后并重新启动网卡
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
[root@localhost ~]#
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# ls
ifcfg-eno16777736 ifdown-isdn ifdown-tunnel ifup-isdn ifup-Team
ifcfg-lo ifdown-post ifup ifup-plip ifup-TeamPort
ifdown ifdown-ppp ifup-aliases ifup-plusb ifup-tunnel
ifdown-bnep ifdown-routes ifup-bnep ifup-post ifup-wireless
ifdown-eth ifdown-sit ifup-eth ifup-ppp init.ipv6-global
ifdown-ippp ifdown-Team ifup-ippp ifup-routes network-functions
ifdown-ipv6 ifdown-TeamPort ifup-ipv6 ifup-sit network-functions-ipv6
[root@localhost network-scripts]# cp ifcfg-eno16777736 ifcfg-eno16777736\:0 //增加反斜杠就为了脱义冒号
[root@localhost network-scripts]# vi !$
vi ifcfg-eno16777736\:0
更改其中的网卡名称和IP、DNS1和网关GATEWAY都可删除(可删除)
将NAME=eno16777736名称更改为NAME=eno16777736:0——>配置文件中的 冒号 ,就不需要脱义了
添加DEVICE=eno16777736:0——>这一步若不添加,我的虚拟网卡实现不了
将IP地址IPADDR=192.168.202.130更改为192.168.202.150(这里面的ip可随意更改)
DNS1和网关GATEWAY都可删除(可删除)——>因为已经有了DNS和网关GATEWAY了
然后退出保存
[root@localhost network-scripts]# ifdown eno16777736 && ifup eno16777736
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/Act
[root@localhost network-scripts]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.202.130 netmask 255.255.255.0 broadcast 192.168.202.255
inet6 fe80::20c:29ff:feff:458f prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ff:45:8f txqueuelen 1000 (Ethernet)
RX packets 4180 bytes 393171 (383.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 982 bytes 138704 (135.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno16777736:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.202.150 netmask 255.255.255.0 broadcast 192.168.202.255
ether 00:0c:29:ff:45:8f txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost network-scripts]#
[root@localhost ~]# mii-tool eno16777736
eno16777736: negotiated 1000baseT-FD flow-control, link ok
[root@localhost ~]#
[root@localhost ~]# hostnamectl set-hostname hanfeng-001
[root@localhost ~]# hostname //在当前终端下,使用hostname命令,查看主机名
hanfeng-001
[root@localhost ~]#
但会发主机名并没有立即生效,需要退出重新登录终端,或者进入一个子shell(输入一个bash即可)
[root@localhost ~]# bash
[root@hanfeng-001 ~]# //就会看到主机名变更了
[root@hanfeng-001 ~]# cat /etc/hostname
hanfeng-001
[root@hanfeng-001 ~]#
[root@hanfeng-001 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 119.29.29.29
[root@hanfeng-001 ~]#
[root@hanfeng-001 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
[[root@hanfeng-001 ~]# ping www.qq123.com
PING www.qq123.com (202.91.250.93) 56(84) bytes of data.
64 bytes from 202.91.250.93: icmp_seq=1 ttl=128 time=11.6 ms
64 bytes from 202.91.250.93: icmp_seq=2 ttl=128 time=11.3 ms
64 bytes from 202.91.250.93: icmp_seq=3 ttl=128 time=11.7 ms
64 bytes from 202.91.250.93: icmp_seq=4 ttl=128 time=11.8 ms
^C
--- www.qq123.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 11.363/11.652/11.811/0.172 ms
[root@hanfeng-001 ~]#
[root@hanfeng-001 ~]# vim /etc/hosts
在/etc/hosts文件添加 192.168.202.150 www.qq123.com
[root@hanfeng-001 ~]# ping www.qq123.com
PING www.qq123.com (192.168.202.150) 56(84) bytes of data.
64 bytes from www.qq123.com (192.168.202.150): icmp_seq=1 ttl=64 time=0.100 ms
64 bytes from www.qq123.com (192.168.202.150): icmp_seq=2 ttl=64 time=0.045 ms
64 bytes from www.qq123.com (192.168.202.150): icmp_seq=3 ttl=64 time=0.042 ms
^C
--- www.qq123.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.042/0.062/0.100/0.027 ms
[root@hanfeng-001 ~]#
[root@hanfeng-001 ~]# vi /etc/selinux/config
将SELINUX=enforcing更改为SELINUX=disabled
然后在重启系统,就会永久关闭selinux
(若是将SELINUXTYPE=targeted 这里更改了,就会无法开启系统!!!千万注意)
[root@hanfeng-001 ~]# getenforce
Enforcing
[root@hanfeng-001 ~]# setenforce 0 //临时关闭
[root@hanfeng-001 ~]# getenforce
Permissive
[root@hanfeng-001 ~]#
关闭firewalld
[root@hf-01 ~]# systemctl disable firewalld //停掉firewalld,就是限制开机启动
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@hf-01 ~]# systemctl stop firewalld //关闭firewalld服务
开启netfilter
在开启之前,需要先安装一个iptables-services包
[root@hf-01 ~]# yum install -y iptables-services
[root@hf-01 ~]# systemctl enable iptables //设置开启激动
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@hf-01 ~]# systemctl start iptables //开启iptables服务
[root@hf-01 ~]#
[root@hf-01 ~]# iptables -nvL //查看默认规则
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
35 2436 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 22 packets, 3152 bytes)
pkts bytes target prot opt in out source destination
[root@hf-01 ~]#
[root@hf-01 ~]# man iptables
查看五个表
filter:
This is the default table (if no -t option is passed). It contains
the built-in chains INPUT (for packets destined to local sockets),
FORWARD (for packets being routed through the box), and OUTPUT (for
locally-generated packets).
nat:
This table is consulted when a packet that creates a new connection
is encountered. It consists of three built-ins: PREROUTING (for
altering packets as soon as they come in), OUTPUT (for altering
locally-generated packets before routing), and POSTROUTING (for
altering packets as they are about to go out). IPv6 NAT support is
available since kernel 3.7.
mangle:
This table is used for specialized packet alteration. Until kernel
2.4.17 it had two built-in chains: PREROUTING (for altering incom‐
ing packets before routing) and OUTPUT (for altering locally-gener‐
ated packets before routing). Since kernel 2.4.18, three other
built-in chains are also supported: INPUT (for packets coming into
the box itself), FORWARD (for altering packets being routed through
the box), and POSTROUTING (for altering packets as they are about
to go out).
raw:
This table is used mainly for configuring exemptions from connec‐
tion tracking in combination with the NOTRACK target. It registers
at the netfilter hooks with higher priority and is thus called
before ip_conntrack, or any other IP tables. It provides the fol‐
lowing built-in chains: PREROUTING (for packets arriving via any
network interface) OUTPUT (for packets generated by local pro‐
cesses)
security:
This table is used for Mandatory Access Control (MAC) networking
rules, such as those enabled by the SECMARK and CONNSECMARK tar‐
gets. Mandatory Access Control is implemented by Linux Security
Modules such as SELinux. The security table is called after the
filter table, allowing any Discretionary Access Control (DAC) rules
in the filter table to take effect before MAC rules. This table
provides the following built-in chains: INPUT (for packets coming
into the box itself), OUTPUT (for altering locally-generated pack‐
ets before routing), and FORWARD (for altering packets being routed
through the box).
[root@hf-01 ~]# iptables -nvL //查看iptables规则
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
357 28956 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2 184 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
18 1404 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 251 packets, 57368 bytes)
pkts bytes target prot opt in out source destination
[root@hf-01 ~]#
[root@hf-01 ~]# service iptables restart
Redirecting to /bin/systemctl restart iptables.service
[root@hf-01 ~]#
[root@hf-01 ~]# cat /etc/sysconfig/iptables //存放默认规则的位置
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root@hf-01 ~]#
[root@hf-01 ~]# iptables -F
[root@hf-01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 8 packets, 576 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 5 packets, 636 bytes)
pkts bytes target prot opt in out source destination
[root@hf-01 ~]#
[root@hf-01 ~]# service iptables restart
Redirecting to /bin/systemctl restart iptables.service
[root@hf-01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
12 872 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 8 packets, 2048 bytes)
pkts bytes target prot opt in out source destination
[root@hf-01 ~]#
[root@hf-01 ~]# iptables -Z; iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
[root@hf-01 ~]#
[root@hf-01 ~]# iptables -t filter -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
52 3592 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 28 packets, 5152 bytes)
pkts bytes target prot opt in out source destination
[root@hf-01 ~]#
[root@hf-01 ~]# iptables -A INPUT -s 192.168.188.1 -p tcp --sport 1234 -d 192.168.188.128 --dport 80 -j DROP //新增规则
[root@hf-01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
97 7172 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
27 2106 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
0 0 DROP tcp -- * * 192.168.188.1 192.168.188.128 tcp spt:1234 dpt:80
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 22 packets, 3768 bytes)
pkts bytes target prot opt in out source destination
[root@hf-01 ~]#
[root@hf-01 ~]# iptables -I INPUT -p tcp --dport 80 -j DROP
[root@hf-01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
238 18252 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
27 2106 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
0 0 DROP tcp -- * * 192.168.188.1 192.168.188.128 tcp spt:1234 dpt:80
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 8 packets, 2288 bytes)
pkts bytes target prot opt in out source destination
[root@hf-01 ~]#
[root@hf-01 ~]# iptables -D INPUT -p tcp --dport 80 -j DROP //删除规则
[root@hf-01 ~]# iptables -D INPUT -s 192.168.188.1 -p tcp --sport 1234 -d 192.168.188.128 --dport 80 -j DROP //删除规则
[root@hf-01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
401 33844 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
27 2106 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 4 packets, 592 bytes)
pkts bytes target prot opt in out source destination
[root@hf-01 ~]#
[root@hf-01 ~]# iptables -nvL --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
2 605 53404 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
4 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
5 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
6 27 2106 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
7 0 0 DROP tcp -- * * 192.168.188.1 192.168.188.128 tcp spt:1234 dpt:80
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 47 packets, 7652 bytes)
num pkts bytes target prot opt in out source destination
[root@hf-01 ~]# iptables -D INPUT 7 //删除序列7的规则
[root@hf-01 ~]# iptables -nvL --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
2 662 57360 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
4 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
5 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
6 27 2106 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 4 packets, 464 bytes)
num pkts bytes target prot opt in out source destination
[root@hf-01 ~]#