Iptables Tutorial
1. Introduction to iptables firewall
iptables is the user-space tool for configuring netfilter, the packet-filtering framework built into the Linux kernel since 2.4 (the two names are often used interchangeably, but netfilter is the kernel side and iptables is the administration command). It is free, powerful and flexible, and it can control in fine detail the packets entering, leaving, and passing through a host. Most current distributions ship iptables as a compatibility front end over nftables (iptables-nft); the command syntax shown in this tutorial is unchanged.
2. Iptables service related commands
1. View iptables status
service iptables status
2. Turn on/off iptables
service iptables start
service iptables stop
3. Check if iptables is started
chkconfig iptables --list
4. Set iptables to start / not start
chkconfig iptables on
chkconfig iptables off
Note: the service and chkconfig commands above belong to the SysV init system of older distributions (for example RHEL/CentOS 6). On systemd-based systems the equivalents are systemctl status|start|stop|enable|disable iptables, and they only work where an iptables service unit is installed; many distributions manage the firewall through firewalld or ufw instead. Be aware that stopping the service flushes all rules and resets every chain policy to ACCEPT, so the host is left completely open until the service is started again.
3. Introduction to the principle of iptables
3.1. The structure of iptables
There are four tables in iptables, namely filter, nat, mangle and raw. Each table has its own set of chains, and a packet passing a given hook is checked against the tables in the order raw, mangle, nat, filter. The filter table decides whether a packet is accepted or dropped and is by far the most commonly used; nat rewrites addresses and ports (SNAT/DNAT, MASQUERADE); mangle alters packet headers and sets marks; raw is consulted before connection tracking and is mainly used to exempt traffic from it (NOTRACK).
filter table:
filter is the default table used by iptables (it is assumed when no -t option is given) and is responsible for filtering the packets flowing in and out of the host. Three built-in chains are defined in the table:
INPUT handles every packet whose destination is the local host, that is, packets that will be delivered to a local process.
FORWARD handles packets that are routed through the host without being delivered to it, that is, packets that neither originate from nor are destined to the host. It is only consulted when IP forwarding is enabled (net.ipv4.ip_forward = 1).
OUTPUT handles every packet generated by the local host, that is, packets sent by local processes.
Within a chain the rules are evaluated in order and the first matching rule with a terminating target (ACCEPT, DROP, REJECT) decides the packet's fate; if no rule matches, the chain's default policy (set with -P) applies. A secure configuration therefore sets the INPUT and FORWARD policies to DROP and explicitly allows only the traffic that is needed.
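The following script is an added example and is not part of the original tutorial: it generates a minimal filter-table ruleset that sets a policy on each of the three chains described above, allows loopback, established connections, ICMP echo and one SSH port on INPUT, and refuses to load the rules if the SSH port is missing (the classic way to lock yourself out of a remote host). The SSH port, the conntrack module and the choice of DROP policies are assumptions chosen for the example, not something the tutorial prescribes.

```shell
#!/bin/sh
# Added example (not from the original tutorial): build and sanity-check a
# minimal filter-table ruleset for the INPUT, FORWARD and OUTPUT chains.
# Usage:  sh filter.sh          # print the rules
#         sh filter.sh apply    # load them (needs root and iptables installed)
# SSH_PORT is an assumption; override it in the environment if your sshd
# listens elsewhere.
SSH_PORT="${SSH_PORT:-22}"

# Emit the ruleset as iptables commands, one per line. INPUT and FORWARD
# default to DROP so that anything not explicitly allowed is filtered out;
# OUTPUT defaults to ACCEPT because this host originates its own traffic.
filter_rules() {
    cat <<EOF
iptables -t filter -F
iptables -t filter -X
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -t filter -A INPUT -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -j ACCEPT
iptables -t filter -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
EOF
}

# Number of policy (-P) and append (-A) lines that target the given chain.
rules_for_chain() {
    filter_rules | grep -c -- "-[AP] $1 "
}

# Refuse to apply a ruleset that would leave a chain without a policy or
# that does not admit new connections to the SSH port: with INPUT set to
# DROP, forgetting that one rule cuts off every remote administrator.
check_rules() {
    for chain in INPUT FORWARD OUTPUT; do
        filter_rules | grep -q -- "-P ${chain} " || return 1
    done
    filter_rules | grep -q -- "--dport ${SSH_PORT} " || return 1
    return 0
}

case "${1:-}" in
    apply) check_rules && filter_rules | sh -e ;;
    *)     filter_rules ;;
esac
```

The ruleset is deliberately printed rather than applied by default so that it can be reviewed first; `check_rules` runs before `apply` loads anything. Because FORWARD defaults to DROP, a host that should route traffic for others needs explicit FORWARD rules (and ip_forward enabled) in addition to these; without them the INPUT rules protect only the host itself, which is exactly the split between the two chains that the text describes.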