iptables
iptables: "IP tables", tables of rules applied to IP packets
iptables is only the user-space front-end management tool; netfilter is the traffic-handling module inside the Linux kernel;
iptables / netfilter together form the traffic management framework;
iptables is generally regarded as a firewall;
Role: 1, traffic filtering; 2, secondarily, VPN-related handling (NAT and filtering of tunnel traffic)
1, network firewall
A network firewall generally sits at the network exit (perimeter), monitoring and filtering the traffic exchanged with external networks; typical products:
Cisco ASA
Huawei USG
Juniper
Check Point
Hillstone
Talent
NSFOCUS
2, host firewall (not counting 360, XX Guard and similar consumer products)
A host has kernel space and user space. The filtering module, netfilter, runs in kernel space, but it offers no interface of its own for writing match rules, so the user-space tool iptables is used to call the netfilter module's functions and define how traffic is matched;
where traffic is matched: chains (netfilter hooks)
five hooks (chains):
PREROUTING
INPUT
FORWARD
OUTPUT
POSTROUTING
three kinds of traffic (and the chains each one traverses):
1, traffic destined for the host: PREROUTING -> INPUT
2, traffic passing through the host (forwarded): PREROUTING -> FORWARD -> POSTROUTING
3, traffic initiated by the host: OUTPUT -> POSTROUTING
four tables decide what is done to a packet (on a given hook they are consulted in the order raw, mangle, nat, filter):
1, raw: exempts packets from connection tracking (NOTRACK); no rules by default (not recommended to use)
2, mangle: packet modification (TTL, TOS, marks)
3, nat: address mapping, including SNAT and DNAT (source address mapping, destination address mapping)
4, filter: packet filtering (the default table)
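The following script is an added example, not part of the original notes: it spells out which hooks each of the three traffic types traverses and generates a minimal iptables-restore ruleset that touches all four tables, with one filter rule set per traffic type. The interface names (eth0 external, eth1 internal), the 10.0.0.0/24 network and the 10.0.0.10 web server are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes). Assumed topology: eth0 = external,
# eth1 = internal 10.0.0.0/24, internal web server 10.0.0.10 published via DNAT.

# chain_path TYPE -> prints the netfilter hooks a packet of that type traverses.
#   inbound  : arrives on an interface and is addressed to this host
#   forward  : arrives on an interface and is routed out through another one
#   outbound : generated by a local process
chain_path() {
    case "$1" in
        inbound)  printf 'PREROUTING INPUT\n' ;;
        forward)  printf 'PREROUTING FORWARD POSTROUTING\n' ;;
        outbound) printf 'OUTPUT POSTROUTING\n' ;;
        *) printf 'unknown traffic type: %s\n' "$1" >&2; return 1 ;;
    esac
}

# gen_rules -> prints an iptables-restore ruleset on stdout (nothing is applied).
gen_rules() {
    cat <<'EOF'
# raw: consulted first on PREROUTING and OUTPUT. Left empty: a NOTRACK rule
# here would bypass the conntrack state matches the filter table relies on.
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# mangle: packet modification, available on all five hooks; here it marks
# forwarded outbound traffic so tc / ip rule can recognise it.
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -j MARK --set-mark 1
COMMIT
# nat: DNAT is decided on PREROUTING (before the routing decision), SNAT on
# POSTROUTING (after it). Only the first packet of a connection is seen here.
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.10:80
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# filter: the default table; default-drop for inbound and forwarded traffic.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# inbound: traffic addressed to this host (PREROUTING -> INPUT)
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT
# forward: traffic routed through this host; the destination seen here is
# the post-DNAT one, so the published server is matched on 10.0.0.10
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -d 10.0.0.10 -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# apply_rules -> loads the whole ruleset atomically; requires root.
apply_rules() {
    if [ "$(id -u)" -ne 0 ]; then
        echo 'apply_rules: must run as root' >&2
        return 1
    fi
    gen_rules | iptables-restore
}

# Preview without touching the kernel:  gen_rules ; chain_path forward
```

Because iptables-restore replaces each listed table in one transaction, reviewing the output of gen_rules before calling apply_rules is the safe way to change a remote host's firewall; a partial rule-by-rule `iptables -A` sequence can lock you out halfway through.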