First, the basic syntax:
iptables [-t table] command chain rules -j target
Explanation:
table: one of the four iptables tables: raw, mangle, nat, filter
command:
-A append a rule
-I insert a rule
-L view (list) the rules
-P set the default rule (policy)
-F flush (clear the rules)
-Z zero (clear the counters)
-R replace a rule (note: a pitfall)
chain: the hook points, which are the five chains: INPUT, OUTPUT, PREROUTING, POSTROUTING, FORWARD
rules: the rules, also called matching conditions
1. basic matching conditions: source IP, destination IP.
2. extended matching conditions: provided by modules, such as source port, destination port and so on.
target: processing actions
ACCEPT: allow the packet through.
DROP: drop the packet without giving any response.
REJECT: reject the packet and send a reply message.
SNAT: source address translation
DNAT: destination address translation
MASQUERADE: a special form of SNAT.
REDIRECT: port mapping on the local machine.
LOG: record information in the /var/log/messages file and take no other action; the packet goes on to be matched by the following rules.
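
Worked example (added here, not part of the original notes): a small host ruleset that uses each command and several of the targets above in the "iptables [-t table] command chain rules -j target" form. It only prints the commands unless APPLY=1 is set; ADMIN_NET, APP_PORT and the port numbers are constructed sample values.

```shell
#!/bin/sh
# Dry run by default: each rule is printed, not applied.
# Set APPLY=1 and run as root to really call iptables.
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"   # printed form drops the shell quoting
    fi
}

ADMIN_NET="192.0.2.0/24"   # constructed sample value (assumption)
APP_PORT=8080              # constructed sample value (assumption)

ruleset() {
    # -F / -Z: empty the filter table, zero its counters
    ipt -t filter -F
    ipt -t filter -Z
    # -A with a basic match (-i interface)
    ipt -t filter -A INPUT -i lo -j ACCEPT
    # -A with an extended match (-m loads a module)
    ipt -t filter -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # basic (-s source IP) plus extended (--dport) match
    ipt -t filter -A INPUT -s "$ADMIN_NET" -p tcp --dport 22 -j ACCEPT
    ipt -t filter -A INPUT -p tcp --dport "$APP_PORT" -j ACCEPT
    # REJECT answers the sender; DROP would stay silent
    ipt -t filter -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset
    # LOG records the packet and hands it to the next rule
    ipt -t filter -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
    # -I: insert at position 1, ahead of every rule appended above
    ipt -t filter -I INPUT 1 -m conntrack --ctstate INVALID -j DROP
    # nat table: REDIRECT maps port 80 to the local APP_PORT
    ipt -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports "$APP_PORT"
    # -P last, so a remote session is not cut off while rules load
    ipt -t filter -P INPUT DROP
    ipt -t filter -P FORWARD DROP
    # -L: view the result with rule numbers
    ipt -t filter -L INPUT -n --line-numbers
}

ruleset
```

Because the LOG rule is the last one appended to INPUT, every packet it records falls through to the DROP policy set by -P.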