iptables

master
test2 5 years ago
parent
commit
c4200230d1
  1. 10
      sec/ex-3_iptables.adoc

@ -114,15 +114,17 @@ iptables is the user utility which allows you to work with these chains/rules.
The key to understanding how iptables works is http://docs.swarmlab.io/lab/sec/tables_traverse.jpg[this chart].
The lowercase word on top is the table and the upper case word below is the chain.
- Every IP packet that comes in **on any network interface** passes through this flow chart from top to bottom.
A common source of confusion is that packets entering from, say, an internal interface are handled differently than packets from an Internet-facing interface.
All interfaces are handled the same way; it's up to you to define rules that treat them differently.
**All interfaces are handled the same way; it's up to you to define rules that treat them differently.**
Of course some packets are intended for local processes, hence come in from the top of the chart and stop at <Local Process>, while other packets are generated by local processes; hence start at <Local Process> and proceed downward through the flowchart.
Of course some packets
- are intended for local processes, hence come in from the top of the chart and stop at **Local Proces**,
- while other packets are generated by local processes; hence start at **Local Process** and proceed downward through the flowchart.
A detailed explanation can be found [https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#TRAVERSINGOFTABLES here].
A detailed explanation [https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#TRAVERSINGOFTABLES here].
====
In the vast majority of use cases you won't need to use the **raw**, **mangle**, or **security** tables at all.
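
Review bot: The first new bullet spells the chart node as "**Local Proces**" while the bullet after it has "**Local Process**"; fix the typo so both bullets match the label on the chart. The rewritten closing sentence, "A detailed explanation [https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#TRAVERSINGOFTABLES here].", drops "can be found" and is left as a fragment. Its link also keeps the bracket-first form instead of the `url[text]` form used for the chart link at the top of this hunk, so in an .adoc file it may not render as a link. Suggest keeping the verb and writing the link as `https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#TRAVERSINGOFTABLES[here]`.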
