  Linux iptables: basic principles and rules
  Add Date : 2018-11-21      
What is iptables?

--------------------------------------------------------------------------------

iptables is a powerful application-layer firewall tool on Linux. Once you understand its basic principles and rules, configuring it is quite simple.

What is Netfilter?

--------------------------------------------------------------------------------

Any discussion of iptables inevitably involves Netfilter. iptables sits at the application layer; in essence it is a configuration tool for defining rules, while the core work of intercepting and forwarding packets is done by Netfilter.

Netfilter is a packet-processing module inside the Linux kernel.

Netfilter operates at the network layer. Network-layer packets pass through Netfilter's five mount points (hook points): PRE_ROUTING, INPUT, OUTPUT, FORWARD, POST_ROUTING.

Any packet that passes through the machine goes through one of these five mount points.

How iptables rules work

--------------------------------------------------------------------------------

The composition of iptables rules is also known as "four tables and five chains":

Four tables + five mount points + rules

The four tables: filter table, nat table, mangle table, raw table

Specifically, every allow/deny or forwarding rule in iptables must select a mount point and be associated with a table.

The rule represents the concrete operation performed on the packet, the mount point represents where that operation takes place, and the table represents the purpose it serves.

The four iptables tables

--------------------------------------------------------------------------------

The first two tables are the ones used most often:

1. filter: used for filtering;

2. nat: used for address translation;

3. mangle: used to modify packets;

4. raw: generally used to keep iptables from doing connection tracking on a packet, skipping the other tables to improve performance.

[Figure: flowchart of how a packet is matched against rules across the tables and mount points]

For the filter table, rules are normally placed on only three chains: INPUT, FORWARD, OUTPUT.

For the nat table, rules are generally placed on only three chains: PREROUTING, OUTPUT, POSTROUTING.
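
The pairing of table and chain described above can be checked against a saved ruleset. The following Python code is an added example, not part of the original article: it parses a constructed dump in `iptables-save` format, groups the rules by table and chain, and lists built-in chains that carry rules outside the usual sets named above. The function names and the sample rules are assumptions made for illustration.

```python
import shlex
from collections import defaultdict

# Chains the article lists as usual for each table; it gives none for mangle
# or raw, so rules in those tables are parsed but never flagged.
USUAL_CHAINS = {"filter": {"INPUT", "FORWARD", "OUTPUT"},
                "nat": {"PREROUTING", "OUTPUT", "POSTROUTING"}}
# The five mount points, spelled as iptables names its built-in chains.
BUILTIN = {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"}

# Constructed sample in iptables-save format (addresses and ports are made up).
SAMPLE = """\
*raw
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p udp --dport 53 -j CT --notrack
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to-destination 10.0.0.5:80
-A INPUT -p tcp --dport 2222 -j SNAT --to-source 192.0.2.1
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -p tcp --dport 22 -m comment --comment "ssh admin" -j ACCEPT
-A FORWARD -d 10.0.0.5/32 -p tcp --dport 80 -j ACCEPT
COMMIT
"""

def rules_by_placement(dump):
    """Map (table, chain) -> list of rule targets, one per -A line."""
    table, placed = None, defaultdict(list)
    for line in dump.splitlines():
        if line.startswith("*"):          # "*nat" opens a table section
            table = line[1:].strip()
        elif line.startswith("-A ") and table:
            args = shlex.split(line)      # honours quoted --comment strings
            target = args[args.index("-j") + 1] if "-j" in args[:-1] else None
            placed[(table, args[1])].append(target)
    return dict(placed)

def unusual_placements(dump):
    """Built-in chains holding rules outside the article's usual set."""
    return sorted((t, c) for (t, c) in rules_by_placement(dump)
                  if t in USUAL_CHAINS and c in BUILTIN
                  and c not in USUAL_CHAINS[t])
```

On the sample, `unusual_placements(SAMPLE)` reports the nat/INPUT rule; a flagged pair is not necessarily wrong, only outside the chains the article names and worth a second look.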