Difference between revisions of "Iptables"
From neil.tappsville.com
Line 28: | Line 28: | ||
Each rule had a matching component and a Target component (action) | Each rule had a matching component and a Target component (action) | ||
+ | |||
+ | |||
+ | List Rules | ||
+ | iptables -S | ||
+ | |||
+ | List Rules in the format used to add them | ||
+ | iptables -L | ||
+ | |||
+ | Add a rule above an existing | ||
+ | iptables -I INPUT [number] <rest of -L syntax> |
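Review bot: the labels on the two listing commands in the added lines look swapped. `iptables -S` prints each rule in the syntax used to add it, while `iptables -L` gives the tabular listing, so "List Rules" should pair with `-L` and "List Rules in the format used to add them" with `-S`. The last added line should then read `<rest of -S syntax>`, and it would help to say that `[number]` is the position shown by `iptables -L --line-numbers`.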
Revision as of 03:37, 9 July 2021
iptables
Tables
Main tables are Filter, NAT, Mangle
- Filter - default
- NAT
- Mangle - change IP Headers
Chains
Traversal Order: Pre --> Input --> Forward --> Output
- Prerouting - Incoming packet
- Input - Entering network stack
- Forward - Routed through system
- Output - Originated on system and leaving system
- Postrouting - Packet going on the wire
Incoming packets destined for the local system: Prerouting --> Input
Incoming packets destined to another host: Prerouting --> Forward --> Postrouting
Locally generated packets: Output --> Postrouting
Rules
Commands to manipulate network traffic.
Each rule in the chain is evaluated in order; if the packet does not match, the next rule is examined.
Each rule has a matching component and a target component (the action).
List Rules
iptables -L
List Rules in the format used to add them
iptables -S
Add a rule above an existing one
iptables -I INPUT [number] <rest of -S syntax>
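Because rules are evaluated in order, a new rule only takes effect if it sits above any broader rule that would match first. The following is an added example, not part of the original page: it reads `iptables -S` output and works out the position number for `iptables -I`. The helpers `rule_number` and `insert_above` are hypothetical, the ruleset is constructed, and 192.0.2.0/24 is a documentation address range.

```shell
#!/bin/sh
# Constructed sample of `iptables -S INPUT` output (not taken from a real host).
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j DROP
EOF
}

# rule_number CHAIN RULE   (hypothetical helper)
# Reads `iptables -S CHAIN` output on stdin and prints the 1-based position
# of the line that is exactly RULE. Only "-A" lines are counted: the "-P"
# policy line is not a rule and has no rule number.
rule_number() {
    awk -v chain="$1" -v want="$2" '
        $1 == "-A" && $2 == chain {
            n++
            if ($0 == want) { print n; found = 1; exit }
        }
        END { if (!found) exit 1 }
    '
}

# insert_above CHAIN EXISTING_RULE NEW_SPEC   (hypothetical helper)
# Prints, without running it, the command that places NEW_SPEC directly
# above EXISTING_RULE. Fails if EXISTING_RULE is not in the chain.
insert_above() {
    pos=$(rule_number "$1" "$2") || {
        echo "rule not found in chain $1" >&2
        return 1
    }
    echo "iptables -I $1 $pos $3"
}

# Demo on the constructed ruleset: allow SSH from a management range
# above the catch-all DROP, where an appended (-A) rule would never match.
sample_rules | insert_above INPUT '-A INPUT -j DROP' \
    '-s 192.0.2.0/24 -p tcp --dport 22 -j ACCEPT'

# On a live host (root required), feed it the real chain instead:
#   iptables -S INPUT | insert_above INPUT '-A INPUT -j DROP' '<new rule spec>'
```

Review the printed command before running it, then confirm the resulting order with `iptables -L INPUT --line-numbers`.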