Jason_conglin 2017-11-26 02:27 Acceptance rate: 0%
Closed

iptables whitelist for an Android network firewall stops working

I set up a network whitelist with the following iptables commands:
iptables -A OUTPUT -d www.zhihu.com -j ACCEPT
iptables -A OUTPUT -j REJECT

It stops working after a short time, anywhere from one to ten minutes. Does anyone know why?

After it has stopped working, running iptables-save shows the following default configuration:

iptables-save

Generated by iptables-save v1.4.20 on Sat Nov 25 21:13:10 2017

*security
:INPUT ACCEPT [85831:90333165]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [60997:5463885]
COMMIT

Completed on Sat Nov 25 21:13:10 2017

Generated by iptables-save v1.4.20 on Sat Nov 25 21:13:10 2017

*raw
:PREROUTING ACCEPT [29791:30082195]
:OUTPUT ACCEPT [57750:5340737]
:bw_raw_PREROUTING - [0:0]
:idletimer_raw_PREROUTING - [0:0]
:natctrl_raw_PREROUTING - [0:0]
:nm_mdmprxy_raw_pre - [0:0]
-A PREROUTING -j bw_raw_PREROUTING
-A PREROUTING -j idletimer_raw_PREROUTING
-A PREROUTING -j natctrl_raw_PREROUTING
-A bw_raw_PREROUTING -m owner --socket-exists
-A idletimer_raw_PREROUTING -i wlan0 -j IDLETIMER --timeout 15 --label 1 --send_nl_msg 1
-A nm_mdmprxy_raw_pre -p tcp -m multiport --ports 5060 -j NOTRACK
-A nm_mdmprxy_raw_pre -p udp -m multiport --ports 5060 -j NOTRACK
COMMIT

Completed on Sat Nov 25 21:13:10 2017

Generated by iptables-save v1.4.20 on Sat Nov 25 21:13:10 2017

*nat
:PREROUTING ACCEPT [665:163628]
:INPUT ACCEPT [174:35741]
:OUTPUT ACCEPT [26701:1805217]
:POSTROUTING ACCEPT [9379:691727]
:natctrl_nat_POSTROUTING - [0:0]
:oem_nat_pre - [0:0]
-A PREROUTING -j oem_nat_pre
-A POSTROUTING -j natctrl_nat_POSTROUTING
COMMIT

Completed on Sat Nov 25 21:13:10 2017

Generated by iptables-save v1.4.20 on Sat Nov 25 21:13:10 2017

*mangle
:PREROUTING ACCEPT [29788:30081904]
:INPUT ACCEPT [29402:29974848]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [57743:5339934]
:POSTROUTING ACCEPT [28151:2828777]
:bw_mangle_POSTROUTING - [0:0]
:idletimer_mangle_POSTROUTING - [0:0]
:natctrl_mangle_FORWARD - [0:0]
:nm_mdmprxy_dl_ping6_marker - [0:0]
:nm_mdmprxy_icmp_pkt_marker - [0:0]
:nm_mdmprxy_mark_prov_chain - [0:0]
:nm_mdmprxy_mngl_post - [0:0]
:nm_mdmprxy_mngl_pre_ex - [0:0]
:nm_mdmprxy_mngl_pre_spi - [0:0]
:nm_mdmprxy_mngl_pre_tee - [0:0]
:nm_mdmprxy_pkt_forwarder - [0:0]
:nm_mdmprxy_pkt_marker - [0:0]
:qcom_qos_filter_POSTROUTING - [0:0]
:qcom_qos_reset_POSTROUTING - [0:0]
-A PREROUTING -i wlan0 -j nm_mdmprxy_pkt_marker
-A PREROUTING -j nm_mdmprxy_icmp_pkt_marker
-A INPUT -i wlan0 -j MARK --set-xmark 0x3007d/0xffffffff
-A FORWARD -j natctrl_mangle_FORWARD
-A POSTROUTING -j qcom_qos_reset_POSTROUTING
-A POSTROUTING -j qcom_qos_filter_POSTROUTING
-A POSTROUTING -j bw_mangle_POSTROUTING
-A POSTROUTING -j idletimer_mangle_POSTROUTING
-A bw_mangle_POSTROUTING -m owner --socket-exists
-A idletimer_mangle_POSTROUTING -o wlan0 -j IDLETIMER --timeout 15 --label 1 --send_nl_msg 1
-A nm_mdmprxy_mark_prov_chain -p tcp -m tcp --dport 32000:36999 -j MARK --set-xmark 0x9/0xffffffff
-A nm_mdmprxy_mark_prov_chain -p udp -m udp --dport 32000:36999 -j MARK --set-xmark 0x9/0xffffffff
-A nm_mdmprxy_mngl_post -m mark --mark 0x9 -j MARK --set-xmark 0x0/0xffffffff
-A nm_mdmprxy_mngl_pre_ex -p tcp -m tcp --dport 50010:50060 -j MARK --set-xmark 0x9/0xffffffff
-A nm_mdmprxy_mngl_pre_ex -p udp -m udp --dport 50010:50060 -j MARK --set-xmark 0x9/0xffffffff
-A nm_mdmprxy_mngl_pre_ex -p tcp -m tcp --dport 40100:40150 -j MARK --set-xmark 0x9/0xffffffff
-A nm_mdmprxy_pkt_marker -p udp -m udp --sport 4500 --dport 32012 -m u32 --u32 "0x0>>0x16&0x3c@0x8=0x0" -j MARK --set-xmark 0x9/0xffffffff
-A nm_mdmprxy_pkt_marker -p udp -m udp --sport 4500 -m mark ! --mark 0x9 -j ACCEPT
-A nm_mdmprxy_pkt_marker -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A nm_mdmprxy_pkt_marker -j nm_mdmprxy_mark_prov_chain
-A nm_mdmprxy_pkt_marker -j nm_mdmprxy_mngl_pre_spi
-A nm_mdmprxy_pkt_marker -p tcp -m tcp --dport 5060 -j MARK --set-xmark 0x9/0xffffffff
-A nm_mdmprxy_pkt_marker -p udp -m udp --dport 5060 -j MARK --set-xmark 0x9/0xffffffff
-A nm_mdmprxy_pkt_marker -j nm_mdmprxy_mngl_pre_ex
-A nm_mdmprxy_pkt_marker -m mark --mark 0x9 -j nm_mdmprxy_pkt_forwarder
COMMIT

Completed on Sat Nov 25 21:13:10 2017

Generated by iptables-save v1.4.20 on Sat Nov 25 21:13:10 2017

*filter
:INPUT ACCEPT [28:4401]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:fw_dozable - [0:0]
-A OUTPUT -d 47.95.51.100/32 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
-A fw_dozable -i lo -o lo -j RETURN
-A fw_dozable -p tcp -m tcp --tcp-flags RST RST -j RETURN
-A fw_dozable -m owner --uid-owner 0-9999 -j RETURN
-A fw_dozable -m owner --uid-owner 1001 -j RETURN
-A fw_dozable -m owner --uid-owner 1027 -j RETURN
-A fw_dozable -m owner --uid-owner 10009 -j RETURN
-A fw_dozable -m owner --uid-owner 10012 -j RETURN
-A fw_dozable -m owner --uid-owner 10013 -j RETURN
-A fw_dozable -m owner --uid-owner 10031 -j RETURN
-A fw_dozable -m owner --uid-owner 10035 -j RETURN
-A fw_dozable -m owner --uid-owner 10069 -j RETURN
-A fw_dozable -m owner --uid-owner 10097 -j RETURN
-A fw_dozable -m owner --uid-owner 10100 -j RETURN
-A fw_dozable -m owner --uid-owner 10105 -j RETURN
-A fw_dozable -m owner --uid-owner 10108 -j RETURN
-A fw_dozable -m owner --uid-owner 10113 -j RETURN
-A fw_dozable -j DROP
COMMIT

Completed on Sat Nov 25 21:13:10 2017


2 answers

  • COCO_AS 2017-11-26 03:06

    In principle iptables can only be configured with IP lists, not domain names; if you want to configure domain names, you need to do it with a proxy at the application-layer protocol level.

    You can refer to

    https://serverfault.com/a/209022/193263

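An added check illustrating the answer's point (this is not code from the question or the answer): iptables resolves a hostname once, when the rule is inserted, which is why the saved filter table above holds `47.95.51.100/32` rather than `www.zhihu.com`. The script parses that table from a constructed copy of the dump, reports any address the name currently resolves to that no ACCEPT rule covers, and renders an iptables-restore fragment with one ACCEPT per address; the second address `203.0.113.7` is a constructed sample value, and `resolved_ips` is assumed to be supplied by the caller.

```python
import ipaddress
import re

# Constructed sample: the filter table from the iptables-save dump quoted in the
# question, reduced to the lines that matter for the whitelist.
SAMPLE_DUMP = """\
*filter
:INPUT ACCEPT [28:4401]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:fw_dozable - [0:0]
-A OUTPUT -d 47.95.51.100/32 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
-A fw_dozable -j DROP
COMMIT
"""

OUTPUT_RULE_RE = re.compile(r"^-A OUTPUT\s+(.*?)\s+-j\s+(\S+)")
DEST_RE = re.compile(r"(?:^|\s)-d\s+(\S+)")


def accepted_destinations(dump):
    """Destination networks that ACCEPT rules in the filter table's OUTPUT chain cover."""
    nets, table = [], None
    for line in dump.splitlines():
        if line.startswith("*"):          # '*filter', '*nat', ... starts a new table
            table = line[1:]
            continue
        if table != "filter":
            continue
        m = OUTPUT_RULE_RE.match(line)
        if not m or m.group(2) != "ACCEPT":
            continue
        dest = DEST_RE.search(m.group(1))
        if dest:
            nets.append(ipaddress.ip_network(dest.group(1), strict=False))
    return nets


def uncovered(dump, resolved_ips):
    """Addresses the name resolves to now that no ACCEPT rule matches (they hit REJECT)."""
    nets = accepted_destinations(dump)
    return [ip for ip in resolved_ips
            if not any(ipaddress.ip_address(ip) in net for net in nets)]


def whitelist_restore(ips):
    """iptables-restore fragment: one ACCEPT per resolved address, REJECT last."""
    lines = ["*filter"]
    lines += [f"-A OUTPUT -d {ip}/32 -j ACCEPT" for ip in ips]
    lines += ["-A OUTPUT -j REJECT --reject-with icmp-port-unreachable", "COMMIT"]
    return "\n".join(lines) + "\n"
```

Feed `uncovered()` the output of a fresh lookup (for example the addresses `getent hosts www.zhihu.com` prints) to see whether the whitelist still matches what the name resolves to.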
