Tente:
rmmod iptable_mangle
depois de remover todas as entradas da tabela mangle (e possivelmente - restaurar as políticas de cadeia padrão).
como faço para excluir uma tabela no iptables (em oposição a uma cadeia)?
Eu tenho algumas tabelas vazias que estão recebendo saída por iptables-save , embora eu esteja usando apenas a tabela 'filter'.
Por exemplo, eu gostaria que iptables-save não produzisse nenhuma saída em relação à tabela 'mangle'. Hoje eu estava brincando com o iptables e usei a tabela mangle. Minha saída do iptables-save costumava ficar assim:
# Generated by iptables-save v1.6.0 on Thr Jun 21 00:00:00 2018
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
# Completed on Thr Jun 21 00:00:00 2018
Mas agora parece assim:
# Generated by iptables-save v1.6.0 on Sat Jun 23 00:00:00 2018
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Sat Jun 23 00:00:00 2018
# Generated by iptables-save v1.6.0 on Sat Jun 23 00:00:00 2018
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
# Completed on Sat Jun 23 00:00:00 2018
Como excluo essa tabela 'mangle' não usada para limpar minha saída de salvamento do iptables?
Você pode liberar as regras da tabela mangle e excluir quaisquer cadeias opcionais dentro dessa forma:
$ sudo iptables -t mangle -F
$ sudo iptables -t mangle -X
Para começar, observe que a tabela mangle está vazia
$ iptables -t mangle -L -v --line-numbers
Chain PREROUTING (policy ACCEPT 16 packets, 928 bytes)
num pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 16 packets, 928 bytes)
num pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 8 packets, 608 bytes)
num pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 8 packets, 608 bytes)
num pkts bytes target prot opt in out source destination
Agora adicione uma regra de amostra
$ iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452
$ iptables -t mangle -L -v --line-numbers
Chain PREROUTING (policy ACCEPT 6 packets, 348 bytes)
num pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 6 packets, 348 bytes)
num pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 TCPMSS tcp -- any any anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS set 1452
Chain OUTPUT (policy ACCEPT 3 packets, 236 bytes)
num pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 3 packets, 236 bytes)
num pkts bytes target prot opt in out source destination
Agora esvazie e exclua
$ iptables -t mangle -F
$ iptables -t mangle -X
$ iptables -t mangle -L -v --line-numbers
Chain PREROUTING (policy ACCEPT 20 packets, 1160 bytes)
num pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 20 packets, 1160 bytes)
num pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 10 packets, 760 bytes)
num pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 10 packets, 760 bytes)
num pkts bytes target prot opt in out source destination