
iptables

master
test2 5 years ago
parent
commit
12f5871d9b
  1. 18
      sec/ex-3_iptables.adoc

18
sec/ex-3_iptables.adoc

@ -121,7 +121,9 @@ The lowercase word on top is the table and the upper case word below is the chai
**All interfaces are handled the same way; it's up to you to define rules that treat them differently.**
Of course some packets
- are intended for local processes, hence come in from the top of the chart and stop at **Local Proces**,
- while other packets are generated by local processes; hence start at **Local Process** and proceed downward through the flowchart.
A detailed explanation [https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#TRAVERSINGOFTABLES here].
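Review bot: the first list item ends with "stop at **Local Proces**", which drops the final "s"; the next item spells it "**Local Process**", and both should use that spelling. On the last line of the hunk the link is written wiki-style, with the URL and the word "here" inside one pair of square brackets; AsciiDoc expects the bare URL followed directly by "[here]", so as written it will not render as a link with the text "here".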
@ -182,8 +184,9 @@ Tables consist of **chains**, which are lists of rules which are followed in ord
==== Filter
This is the default table. Its built-in chains are:
This is the default table.
.Its built-in chains are:
[source,bash]
----
Input: packets going to local sockets
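Review bot: the listing under "Its built-in chains are:" is tagged "[source,bash]" but holds a plain description ("Input: packets going to local sockets"), not shell code, so the highlighter will treat it as commands; a literal block or a description list fits better. The chain is also written "Input", while the surrounding text (see the context in the first hunk header) says the upper-case word is the chain; iptables chain names are case-sensitive, so "INPUT" is what a reader has to type. The same two points apply to the Nat, Mangle, Raw and Security listings below.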
@ -193,8 +196,10 @@ This is the default table. Its built-in chains are:
==== Nat
When a packet creates a new connection, this table is used. Its built-in chains are:
When a packet creates a new connection, this table is used.
.Its built-in chains are:
[source,bash]
----
Prerouting: designating packets when they come in
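Review bot: "Prerouting: designating packets when they come in" on the last line of this hunk does not say what happens to the packet. The iptables man page describes this chain as altering packets as soon as they come in; wording along those lines would tell the reader this is where the destination can be rewritten before routing. The split sentence "When a packet creates a new connection, this table is used." would also read more precisely as "This table is consulted when a packet creates a new connection."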
@ -204,8 +209,9 @@ When a packet creates a new connection, this table is used. Its built-in chains
==== Mangle
Used for special altering of packets. Its chains are:
Used for special altering of packets.
.Its built-in chains are:
[source,bash]
----
Prerouting: incoming packets
@ -217,8 +223,9 @@ Used for special altering of packets. Its chains are:
==== Raw
Primarily used for configuring exemptions from connection tracking. The built-in chains are
Primarily used for configuring exemptions from connection tracking.
.Its built-in chains are:
[source,bash]
----
Prerouting: packets that arrive by the network interface
@ -227,8 +234,9 @@ Primarily used for configuring exemptions from connection tracking. The built-in
==== Security
Used for Mandatory Access Control (MAC) rules. After the filter table, the security table is accessed next. The built-in chains are:
Used for Mandatory Access Control (MAC) rules. After the filter table, the security table is accessed next.
.Its built-in chains are:
[source,bash]
----
Input: packets entering the server
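Review bot: the Input chain is described here as "packets entering the server", while the Filter listing earlier in this patch describes the same chain as "packets going to local sockets"; use one wording for both so readers do not take them for different hooks. The sentence "After the filter table, the security table is accessed next." states the ordering twice; "The security table is consulted after the filter table." says the same thing.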
