Iptables Tutorial

1.  Introduction to iptables firewall

iptables, also called netfilter, is a free packet-filtering firewall tool that ships with Linux. It is powerful and flexible, and gives fine-grained control over the data packets flowing into, out of, and through the server. iptables is a module integrated in the Linux 2.4 and 2.6 kernels.

2.  Iptables service related commands

1. View iptables status

service iptables status

2. Turn on/off iptables

service iptables start

service iptables stop

3. Check whether iptables is set to start at boot

chkconfig iptables --list

4. Set iptables to start / not start at boot

chkconfig iptables on

chkconfig iptables off

3.  Introduction to the principle of iptables

3.1.  The structure of iptables

There are four tables in iptables: filter, nat, mangle and raw. Each table contains its own set of chains. The most commonly used table is filter.

 

  filter table:

filter is the default table used by iptables, which is responsible for filtering the data packets flowing in and out of the machine. Three chains are defined in the table:

INPUT is responsible for filtering all the data packets whose destination address is the local address, that is, filtering the data packets entering the host.

FORWARD is responsible for the data packets that flow through the machine but do not enter it, that is, packets the machine forwards to another destination.

OUTPUT is responsible for processing all data packets whose source address is the local address, that is, processing data packets sent from the host.
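
The three filter chains described above, written out as a ruleset in iptables-restore format. This is an added example, not part of the original tutorial; the function names, the default-DROP policies and the single inbound SSH rule are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: build a minimal filter-table ruleset (iptables-restore format).
# Assumptions (not from the tutorial): INPUT and FORWARD default to DROP,
# OUTPUT defaults to ACCEPT, and one inbound TCP port (e.g. SSH) is opened.

# filter_ruleset PORT -> prints the ruleset on stdout; returns 1 on a bad port.
filter_ruleset() {
    port=$1
    case $port in
        # reject empty, non-numeric, leading-zero and over-long values
        ''|*[!0-9]*|0*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport $port -j ACCEPT
COMMIT
EOF
}

# chain_policy CHAIN -> reads a ruleset on stdin, prints CHAIN's default policy.
chain_policy() {
    awk -v c=":$1" '$1 == c { print $2 }'
}

# Syntax-check without loading anything (run as root on the firewall host):
#   filter_ruleset 22 | iptables-restore --test
```

Packets addressed to the host hit INPUT and are dropped unless a rule accepts them, routed packets hit FORWARD and are dropped, and locally generated packets leave through OUTPUT.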

 

 

 

 

 

 

 
