问题 {#heading}

我有一个 .NET 6 Web API 应用程序，我想在托管的系统中编辑我的 iptables 规则（Web API 运行在该系统上）。

我有如下规则：

-A INPUT -m tcp --protocol tcp --source 2.2.2.2 --destination 1.1.1.1 --source-port 111 --destination-port 222 --jump DROP

我在 bash 中尝试了这个规则的 iptables 命令，它能正常工作，但当我尝试创建如下规则时：

IpTablesRule rule = IpTablesRule.Parse($&quot;-A  INPUT  -m tcp--protocol tcp --source 2.2.2.2 --destination 1.1.1.1 --source-port 111 --destination-port 222 --jump DROP&quot;, null, chains);

然后尝试将其添加到系统中，如下所示：

ipTablesSystem = new IpTablesSystem(system: new LocalFactory(), tableAdapter: new IPTablesBinaryAdapter());
inputChain = ipTablesSystem.GetChain(table: Table.FILTER, chain: Chain.INPUT, ipVersion: (int)IpVersion.V4);
inputChain.AddRule(rule);

系统没有出现任何错误或类似的东西，但当我尝试使用 iptables -L 命令在 bash（cli）中查看系统规则时，我看不到我的规则。

为什么我的规则不存在于系统中？如何解决这个问题？英文:

I have a .NET 6 Web API application and I want to edit my iptables rule in hosted system. (the system that Web API run on it)

I have rule like below

-A INPUT -m tcp  --protocol tcp --source 2.2.2.2 --destination 1.1.1.1 --source-port 111 --destination-port 222 --jump DROP

I try this rule in iptables command in bash and work correctly, but when I try to create rule for this like below

IpTablesRule rule = IpTablesRule.Parse($&quot;-A  INPUT  -m tcp--protocol tcp --source 2.2.2.2 --destination 1.1.1.1 --source-port 111 --destination-port 222 --jump DROP&quot;, null, chains);

and then try to add to system like below

ipTablesSystem = new IpTablesSystem(system: new LocalFactory(), tableAdapter: new IPTablesBinaryAdapter());
inputChain = ipTablesSystem.GetChain(table: Table.FILTER, chain: Chain.INPUT, ipVersion: (int)IpVersion.V4);
inputChain.AddRule(rule);

No any error rise on system or something like that, but after I try to see system rules with bash (cli) with iptables -L I do not see my rules

Why my rule does not exist in system? and how to resolve this problem?

答案1 {#1}

得分: 1

以下是已翻译的部分：

这是关于不正确使用API的问题，正确的方式如下：

IpTablesRule rule = IpTablesRule.Parse($&quot;-A  INPUT  -m tcp --protocol tcp --source 2.2.2.2 --destination 1.1.1.1 --source-port 111 --destination-port 222 --jump DROP&quot;, null, chains);

var ipTablesSystem = new IpTablesSystem(system: new LocalFactory(), tableAdapter: ipTablesAdapter);

IIPTablesAdapterClient table = ipTablesSystem.GetTableAdapter((int)IpVersion.V4);

table.AddRule(rule);

注意，您必须从IpTablesSystem获取表格，然后向表格添加或移除规则。英文:

This is for bad using of API, the correct way is like below

IpTablesRule rule = IpTablesRule.Parse($&quot;-A  INPUT  -m tcp --protocol tcp --source 2.2.2.2 --destination 1.1.1.1 --source-port 111 --destination-port 222 --jump DROP&quot;, null, chains);

var ipTablesSystem = new IpTablesSystem(system: new LocalFactory(), tableAdapter: ipTablesAdapter);

IIPTablesAdapterClient table = ipTablesSystem.GetTableAdapter((int)IpVersion.V4);

table.AddRule(rule);

The note is, you must get table from IpTablesSystem and add or remove rulse from table.