|
@ -121,7 +121,9 @@ The lowercase word on top is the table and the upper case word below is the chai |
|
|
**All interfaces are handled the same way; it's up to you to define rules that treat them differently.** |
|
|
**All interfaces are handled the same way; it's up to you to define rules that treat them differently.** |
|
|
|
|
|
|
|
|
Of course some packets |
|
|
Of course some packets |
|
|
|
|
|
|
|
|
- are intended for local processes, hence come in from the top of the chart and stop at **Local Proces**, |
|
|
- are intended for local processes, hence come in from the top of the chart and stop at **Local Proces**, |
|
|
|
|
|
|
|
|
- while other packets are generated by local processes; hence start at **Local Process** and proceed downward through the flowchart. |
|
|
- while other packets are generated by local processes; hence start at **Local Process** and proceed downward through the flowchart. |
|
|
|
|
|
|
|
|
A detailed explanation [https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#TRAVERSINGOFTABLES here]. |
|
|
A detailed explanation [https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#TRAVERSINGOFTABLES here]. |
|
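Review bot: the first bullet in this hunk still reads `stop at **Local Proces**` while the second bullet spells it `**Local Process**`; the typo is carried into the new text unchanged, so fix it here while the line is being touched. The last line of the hunk also keeps the MediaWiki external-link form `[https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#TRAVERSINGOFTABLES here]`; since the later hunks already use AsciiDoc conventions (`[source,bash]`, `----`, `====`), this should become `https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#TRAVERSINGOFTABLES[here]`, otherwise the brackets and the bare URL render literally.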
@ -182,8 +184,9 @@ Tables consist of **chains**, which are lists of rules which are followed in ord |
|
|
|
|
|
|
|
|
==== Filter |
|
|
==== Filter |
|
|
|
|
|
|
|
|
This is the default table. Its built-in chains are: |
|
|
This is the default table. |
|
|
|
|
|
|
|
|
|
|
|
.Its built-in chains are: |
|
|
[source,bash] |
|
|
[source,bash] |
|
|
---- |
|
|
---- |
|
|
Input: packets going to local sockets |
|
|
Input: packets going to local sockets |
|
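Review bot: `Input: packets going to local sockets` contradicts the convention stated in this hunk's own header context (`the upper case word below is the chain`); iptables chain names are case-sensitive and the built-in chain is `INPUT`, so a reader who copies the lowercase form into `iptables -A Input ...` gets a "No chain/target/match by that name" error. Separately, the `[source,bash]` block marks a name/description list as shell source, which it is not; an AsciiDoc labeled list such as `INPUT:: packets going to local sockets` keeps the `.Its built-in chains are:` title and renders without a code box, and the same applies to the nat, mangle, raw and security hunks below.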
@ -193,8 +196,10 @@ This is the default table. Its built-in chains are: |
|
|
|
|
|
|
|
|
==== Nat |
|
|
==== Nat |
|
|
|
|
|
|
|
|
When a packet creates a new connection, this table is used. Its built-in chains are: |
|
|
When a packet creates a new connection, this table is used. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
.Its built-in chains are: |
|
|
[source,bash] |
|
|
[source,bash] |
|
|
---- |
|
|
---- |
|
|
Prerouting: designating packets when they come in |
|
|
Prerouting: designating packets when they come in |
|
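Review bot: `Prerouting: designating packets when they come in` does not say what the chain does; "designating" is not a term used for nat. The iptables(8) description of the nat PREROUTING chain is "for altering packets as soon as they come in", and this is where DNAT/REDIRECT rules are applied, so use that wording. As in the filter hunk, the chain should be written `PREROUTING` so it matches the case-sensitive name a reader has to type.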
@ -204,8 +209,9 @@ When a packet creates a new connection, this table is used. Its built-in chains |
|
|
|
|
|
|
|
|
==== Mangle |
|
|
==== Mangle |
|
|
|
|
|
|
|
|
Used for special altering of packets. Its chains are: |
|
|
Used for special altering of packets. |
|
|
|
|
|
|
|
|
|
|
|
.Its built-in chains are: |
|
|
[source,bash] |
|
|
[source,bash] |
|
|
---- |
|
|
---- |
|
|
Prerouting: incoming packets |
|
|
Prerouting: incoming packets |
|
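Review bot: `Used for special altering of packets.` leaves the reader with no idea what kind of alteration is meant; the mangle table is for changing packet headers and marks (TTL, TOS/DSCP, fwmark), not for address translation or accept/drop decisions, and one clause saying so would stop people from putting filtering rules here. `Prerouting: incoming packets` should read `PREROUTING` and, for consistency with the nat entry, describe it as packets as soon as they come in, before the routing decision.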
@ -217,8 +223,9 @@ Used for special altering of packets. Its chains are: |
|
|
|
|
|
|
|
|
==== Raw |
|
|
==== Raw |
|
|
|
|
|
|
|
|
Primarily used for configuring exemptions from connection tracking. The built-in chains are |
|
|
Primarily used for configuring exemptions from connection tracking. |
|
|
|
|
|
|
|
|
|
|
|
.Its built-in chains are: |
|
|
[source,bash] |
|
|
[source,bash] |
|
|
---- |
|
|
---- |
|
|
Prerouting: packets that arrive by the network interface |
|
|
Prerouting: packets that arrive by the network interface |
|
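Review bot: `Prerouting: packets that arrive by the network interface` reads as if there were a single interface; "packets arriving on any network interface, before connection tracking" is accurate and states why this table matters at all: the raw table is consulted before conntrack sees the packet, which is what allows its `CT --notrack` (formerly `NOTRACK`) exemptions to work. Chain name should be `PREROUTING`, as in the other hunks.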
@ -227,8 +234,9 @@ Primarily used for configuring exemptions from connection tracking. The built-in |
|
|
|
|
|
|
|
|
==== Security |
|
|
==== Security |
|
|
|
|
|
|
|
|
Used for Mandatory Access Control (MAC) rules. After the filter table, the security table is accessed next. The built-in chains are: |
|
|
Used for Mandatory Access Control (MAC) rules. After the filter table, the security table is accessed next. |
|
|
|
|
|
|
|
|
|
|
|
.Its built-in chains are: |
|
|
[source,bash] |
|
|
[source,bash] |
|
|
---- |
|
|
---- |
|
|
Input: packets entering the server |
|
|
Input: packets entering the server |
|
|
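Review bot: `After the filter table, the security table is accessed next.` says "after" and "next" for the same thing, and it omits the consequence that matters for MAC rules: because filter runs first, a packet dropped there never reaches the security table. Suggest `The security table is consulted after the filter table, so only packets accepted by filter reach it.` Also `Input: packets entering the server` should use `INPUT` and the same description as the filter hunk (`packets going to local sockets`), so the two sections describe the same chain the same way.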