

Iptables is just a command-line interface to the packet filtering functionality in netfilter. However, to keep this article simple, we won’t make a distinction between iptables and netfilter, and will simply refer to the entire thing as “iptables”.

The packet filtering mechanism provided by iptables is organized into three different kinds of structures: tables, chains and targets. Simply put, a table is something that allows you to process packets in specific ways. The default table is the filter table, although there are other tables too.

Again, these tables have chains attached to them. These chains allow you to inspect traffic at various points, such as when packets have just arrived on the network interface or just before they’re handed over to a process. You can add rules to them to match specific packets - such as TCP packets going to port 80 - and associate each rule with a target. A target decides the fate of a packet, such as allowing or rejecting it.

When a packet arrives (or leaves, depending on the chain), iptables matches it against the rules in these chains one by one. When it finds a match, it jumps to the target and performs the action associated with it. If it doesn’t find a match with any of the rules, it simply does what the default policy of the chain tells it to. By default, all chains have a default policy of allowing packets.

Now, we’re going to take a deeper look into each of these structures.

Tables

As we’ve mentioned previously, tables allow you to do very specific things with packets. On modern Linux distributions, there are four tables:

The filter table: This is the default and perhaps the most widely used table. It is used to make decisions about whether a packet should be allowed to reach its destination.
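The chain traversal described above (rules tried one by one, first match jumps to its target, no match falls through to the chain's default policy, user-defined chains returning to their caller when nothing matches) is small enough to model in a few dozen lines. The following is an added illustration written for this article, not iptables itself and not code from the original; the packets, the `WEB` chain and the addresses are constructed samples, and the `Packet`, `Rule`, `Chain` and `traverse` names are this model's own.

```python
"""Model of iptables chain traversal in the filter table.

Added example, not part of the original article and not iptables' own
code. It encodes roughly this constructed ruleset:

    iptables -P INPUT DROP                      # default policy
    iptables -N WEB                             # user-defined chain
    iptables -A INPUT -s 10.0.0.5 -j DROP
    iptables -A INPUT -p tcp -j WEB
    iptables -A WEB -p tcp --dport 80 -j ACCEPT
    iptables -A WEB -p tcp --dport 443 -j ACCEPT
"""
from dataclasses import dataclass, field
from typing import Optional

TERMINAL = {"ACCEPT", "DROP", "REJECT"}   # targets that end traversal


@dataclass(frozen=True)
class Packet:
    proto: str                     # "tcp", "udp" or "icmp" (constructed sample)
    src: str                       # source address
    dport: Optional[int] = None    # destination port, if any


@dataclass(frozen=True)
class Rule:
    target: str                    # ACCEPT/DROP/REJECT or a user chain name
    proto: Optional[str] = None    # like -p; None matches any protocol
    src: Optional[str] = None      # like -s; exact address in this model
    dport: Optional[int] = None    # like --dport; None matches any port

    def matches(self, pkt: Packet) -> bool:
        # Every specified match must hold; unspecified fields match anything.
        return ((self.proto is None or self.proto == pkt.proto)
                and (self.src is None or self.src == pkt.src)
                and (self.dport is None or self.dport == pkt.dport))


@dataclass
class Chain:
    name: str
    policy: Optional[str] = "ACCEPT"   # built-in chains default to ACCEPT;
    rules: list = field(default_factory=list)  # user chains use None (RETURN)


def traverse(chains: dict, chain_name: str, pkt: Packet) -> str:
    """Return the verdict for pkt starting at chain_name."""
    chain = chains[chain_name]
    for rule in chain.rules:          # rules are tried in order
        if not rule.matches(pkt):
            continue
        if rule.target in TERMINAL:   # first match decides the packet's fate
            return rule.target
        # Otherwise jump into a user chain; if it comes back with RETURN,
        # carry on with the next rule of the calling chain.
        verdict = traverse(chains, rule.target, pkt)
        if verdict != "RETURN":
            return verdict
    # Nothing matched: a built-in chain applies its policy, a user chain
    # hands control back to whoever jumped into it.
    return chain.policy if chain.policy is not None else "RETURN"


def build_sample_filter() -> dict:
    """The constructed ruleset from the module docstring."""
    web = Chain("WEB", policy=None, rules=[
        Rule("ACCEPT", proto="tcp", dport=80),
        Rule("ACCEPT", proto="tcp", dport=443),
    ])
    inp = Chain("INPUT", policy="DROP", rules=[
        Rule("DROP", src="10.0.0.5"),     # listed first, so it wins for that host
        Rule("WEB", proto="tcp"),         # jump for all other TCP traffic
    ])
    return {"INPUT": inp, "WEB": web}


def verdict(pkt: Packet) -> str:
    """Convenience wrapper: run pkt through the sample INPUT chain."""
    return traverse(build_sample_filter(), "INPUT", pkt)


if __name__ == "__main__":
    for p in (Packet("tcp", "192.0.2.1", 80),
              Packet("tcp", "10.0.0.5", 80),
              Packet("tcp", "192.0.2.1", 22),
              Packet("udp", "192.0.2.1", 53)):
        print(p, "->", verdict(p))
```

Two things the model makes visible that the prose only states: rule order matters (the blocked host is dropped even though port 80 would otherwise be accepted, because its rule comes first), and a chain whose rules all miss is only as safe as its policy, so with the stock `ACCEPT` policy an empty `INPUT` chain lets everything through.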
