iptables rules are evaluated from top to bottom, and the first rule that matches a packet decides its fate. So when adding rules, add them through the rules file, because that lets you control their order.

Machine A:

[root@www ~]# netstat -an | grep 6100
tcp 0 0 0.0.0.0:6100 0.0.0.0:* LISTEN
tcp 0 0 192.168.5.140:6100 192.168.4.199:60194 ESTABLISHED
tcp 0 0 192.168.5.140:6100 192.168.4.199:60196 ESTABLISHED
tcp 0 0 192.168.5.140:6100 192.168.4.199:60193 ESTABLISHED
tcp 0 0 192.168.5.140:6100 192.168.4.199:60195 ESTABLISHED

However, on machine B:

[root@www ~]# telnet 192.168.5.140 5432
Trying 192.168.5.140...
Connected to 192.168.5.140.
Escape character is '^]'.
^CConnection closed by foreign host

The cause is:

[root@www ~]# more /etc/sysconfig/iptables
-A INPUT -j REJECT --reject-with icmp-host-prohibited

Note: this is where the problem lies. Because this catch-all REJECT comes first, every new packet matches it, and the rule below is never reached:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 6100 -j ACCEPT

So adjust the file as follows, putting the ACCEPT rule before the REJECT rule:

[root@www ~]# more /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6100 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited

With that in place:

[root@www ~]# telnet 192.168.5.140 6100
Trying 192.168.5.140...
Connected to 192.168.5.140.
Escape character is '^]'.
Connection closed by foreign host.
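The ordering mistake above is easy to catch before the rules are loaded. The following script is an added example, not part of the original post: it lints an iptables-save style file (such as /etc/sysconfig/iptables) and reports every INPUT rule that sits below an unconditional REJECT or DROP, using two constructed sample files that reproduce the broken and the corrected ordering from the post. Only rules whose -j directly follows the chain name are treated as unconditional; that heuristic is an assumption of this example.

```shell
#!/bin/sh
# Added example (not the original post's code): find INPUT rules that can never
# fire because an unconditional "-A INPUT -j REJECT" or "-A INPUT -j DROP"
# precedes them. Prints each shadowed rule; returns 1 if any is found, else 0.
# "*filter", ":INPUT ..." and "COMMIT" lines are ignored (they do not start with -A).
shadowed_input_rules() {
    awk '
        $1 == "-A" && $2 == "INPUT" && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") {
            if (!seen) { seen = 1; catchall = $0 }   # remember the first catch-all rule
            next
        }
        $1 == "-A" && $2 == "INPUT" && seen {
            print "shadowed by [" catchall "]: " $0  # this rule is unreachable
            found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the broken ordering from the post (REJECT before ACCEPT).
BAD_RULES=$(mktemp)
cat >"$BAD_RULES" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6100 -j ACCEPT
COMMIT
EOF

# Constructed sample: the corrected ordering (ACCEPT before the catch-all REJECT).
GOOD_RULES=$(mktemp)
cat >"$GOOD_RULES" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6100 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

echo "== broken ordering =="
shadowed_input_rules "$BAD_RULES" || echo "exit status: $?"
echo "== corrected ordering =="
shadowed_input_rules "$GOOD_RULES" && echo "no shadowed rules"
```

Run it against the real file with `shadowed_input_rules /etc/sysconfig/iptables` before `service iptables restart`; a non-zero exit status means a rule would be silently dead.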