2018-05-04
iptables general structure
iptables is actually a container for several tables. Each table holds chains, each chain holds a policy and a set of rules, and the rules we define control which packets may enter or leave through the firewall.
The three major tables in iptables
filter is the default table and acts as the host firewall, filtering packets flowing into and out of the host. It contains three chains: INPUT, OUTPUT and FORWARD.
INPUT filters packets entering this host
OUTPUT processes packets sent by this host itself
FORWARD processes packets that only pass through this host (routed, not delivered locally); this is the chain that NAT-based Internet sharing depends on
The filter table is the main means by which enterprises implement firewall functionality.
nat is responsible for network address translation (rewriting the IP address and port of a packet). It is generally used for sharing an Internet connection on a local area network, and is comparable to an ACL on a network switch. It contains three chains: OUTPUT, PREROUTING and POSTROUTING.
OUTPUT changes the destination address of packets generated by this host itself
PREROUTING holds the rules applied when a packet arrives at the firewall, before the routing decision is made; it changes the packet's destination address and destination port.
POSTROUTING holds the rules applied when a packet leaves the firewall, after the routing decision has been made; it changes the packet's source address and source port.
mangle is rarely used in enterprise setups.
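The following shell script is an added example, not code from the original post. It ties the filter and nat descriptions above together by generating one iptables-restore ruleset: a default-deny host firewall in the filter table (INPUT, FORWARD, OUTPUT) and, in the nat table, a PREROUTING rule that rewrites the destination before routing plus a POSTROUTING rule that rewrites the source after routing so a LAN can share one Internet connection. The interface names (eth0/eth1), the LAN subnet, the internal web host and the forwarded port are assumed values chosen for illustration; the script only prints the ruleset unless it is run as root with --apply, and even then it parses the ruleset with iptables-restore --test before loading it.

```shell
#!/bin/sh
# Added example (not part of the original post). Generates an iptables-restore
# ruleset covering the filter and nat tables described above.
# All addresses and interface names below are assumed, illustrative values.

WAN_IF="${WAN_IF:-eth0}"                 # assumed: interface facing the Internet
LAN_IF="${LAN_IF:-eth1}"                 # assumed: interface facing the LAN
LAN_NET="${LAN_NET:-192.168.10.0/24}"    # assumed: LAN subnet that shares the uplink
WEB_HOST="${WEB_HOST:-192.168.10.20}"    # assumed: internal host that receives port 80

# filter table: the host firewall. Default policy is DROP for INPUT and FORWARD,
# so only traffic explicitly listed below gets through.
filter_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i ${LAN_IF} -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ${LAN_IF} -o ${WAN_IF} -s ${LAN_NET} -j ACCEPT
-A FORWARD -i ${WAN_IF} -o ${LAN_IF} -d ${WEB_HOST} -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# nat table: PREROUTING changes the destination address/port before the routing
# decision (DNAT); POSTROUTING changes the source after it (MASQUERADE is SNAT
# to whatever address the WAN interface currently has).
nat_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i ${WAN_IF} -p tcp --dport 80 -j DNAT --to-destination ${WEB_HOST}:80
-A POSTROUTING -o ${WAN_IF} -s ${LAN_NET} -j MASQUERADE
COMMIT
EOF
}

# The complete ruleset in iptables-restore format.
ruleset() {
    filter_rules
    nat_rules
}

# Count the -A rules in one table/chain of the generated ruleset,
# e.g. "count_rules nat POSTROUTING" prints 1. A cheap sanity check before loading.
count_rules() {
    ruleset | awk -v t="*$1" -v c="$2" '
        $1 == t        { in_t = 1; next }
        $1 == "COMMIT" { in_t = 0 }
        in_t && $1 == "-A" && $2 == c { n++ }
        END { print n + 0 }'
}

# Only touch the running firewall when explicitly asked to and running as root;
# iptables-restore --test parses the ruleset without committing it.
case "${1:-}" in
    --apply)
        [ "$(id -u)" = "0" ] || { echo "--apply needs root" >&2; exit 1; }
        ruleset | iptables-restore --test && ruleset | iptables-restore
        ;;
    *)
        ruleset
        ;;
esac
```

Running the script without arguments prints the ruleset so it can be reviewed or diffed against `iptables-save` output; the FORWARD rule for the web host is needed alongside the PREROUTING DNAT because, as described above, forwarded packets still pass through the filter table's FORWARD chain after the destination has been rewritten.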