Difference between revisions of "Iptables"

From neil.tappsville.com
Latest revision as of 04:43, 12 July 2021

iptables

Tables

Main tables are Filter, NAT, Mangle

  • Filter - default
  • NAT
  • Mangle - change IP Headers

Chains

Traversal Order: Prerouting --> Input --> Forward --> Output --> Postrouting

  • Prerouting - Incoming packet
  • Input - Entering network stack
  • Forward - Routed through system
  • Output - Originated on the system and leaving it
  • Postrouting - Packet going on the wire

Incoming packets destined for the local system: Prerouting --> Input

Incoming packets destined for another host: Prerouting --> Forward --> Postrouting

Locally generated packets: Output --> Postrouting

Rules

Commands to manipulate network traffic.

Each rule in the chain is checked in order; if the packet does not match, the next rule is examined (the first matching rule decides).

Each rule has a matching component and a Target component (action).

List rules in the format used to add them

iptables -S

List rules with line numbers

iptables -L --line-numbers

Add a rule above an existing one (number taken from -L --line-numbers)

iptables -I INPUT [number] <rest of -L syntax>
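As an added example (not from the page, and not iptables itself), a small Python model of the Rules section: rules are tried in order, the first match decides, and `-I CHAIN [number]` places a rule above an existing one whereas `-A` appends below it. Packet fields, addresses and the rule layout are constructed for the demo.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    """One rule: the match part (any of proto/dport/src) plus the target (action)."""
    target: str                 # ACCEPT or DROP
    proto: str = None           # -p
    dport: int = None           # --dport
    src: str = None             # -s, as a CIDR prefix

    def matches(self, pkt):
        return ((self.proto is None or pkt["proto"] == self.proto)
                and (self.dport is None or pkt["dport"] == self.dport)
                and (self.src is None
                     or ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)))

    def spec(self):
        parts = []
        if self.proto: parts += ["-p", self.proto]
        if self.src: parts += ["-s", self.src]
        if self.dport is not None: parts += ["--dport", str(self.dport)]
        return " ".join(parts + ["-j", self.target])

class Chain:
    def __init__(self, name, policy="DROP"):
        self.name, self.policy, self.rules = name, policy, []
    def append(self, rule):            # like `iptables -A CHAIN ...`
        self.rules.append(rule)
    def insert(self, rule, number=1):  # like `iptables -I CHAIN [number] ...`, 1-based
        self.rules.insert(number - 1, rule)
    def verdict(self, pkt):            # rules are tried in order; first match wins
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.target
        return self.policy             # no rule matched: the chain policy decides
    def list_rules(self):              # an `iptables -S` style listing
        return [f"-P {self.name} {self.policy}"] + [f"-A {self.name} {r.spec()}" for r in self.rules]

def demo():
    """Constructed scenario: SSH allowed, then a block for one source added two ways."""
    pkt = {"proto": "tcp", "dport": 22, "src": "203.0.113.9"}
    block = Rule("DROP", proto="tcp", dport=22, src="203.0.113.0/24")
    appended = Chain("INPUT"); appended.append(Rule("ACCEPT", proto="tcp", dport=22))
    appended.append(block)             # lands below the ACCEPT: never reached
    inserted = Chain("INPUT"); inserted.append(Rule("ACCEPT", proto="tcp", dport=22))
    inserted.insert(block, 1)          # lands above the ACCEPT: evaluated first
    return appended.verdict(pkt), inserted.verdict(pkt), inserted.list_rules()
```

Appending the block leaves the packet accepted; inserting it at position 1 drops it, which is why rule position (and `-L --line-numbers`) matters.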