Difference between revisions of "Iptables: Explanations, options & examples"
| Line 22: | Line 22: | ||
== Structure of /etc/sysconfig/iptables == | == Structure of /etc/sysconfig/iptables == | ||
| − | iptables includes 3 default tables: | + | === Tables === |
| − | * <code>*filter</code> - Default table for filtering packets | + | iptables includes 3 default ''tables'': |
| − | * <code>*nat</code> - Default table for Network Address Translation | + | * <code>*filter</code> - '''Default table for filtering packets''' |
| − | * <code>*mangle</code> - Default table used for specific type of packet alteration | + | * <code>*nat</code> - '''Default table for Network Address Translation''' |
| + | * <code>*mangle</code> - '''Default table used for specific type of packet alteration''' | ||
| + | |||
| + | === Chains === | ||
| + | Each ''table'' has a group of built-in ''chains'', corresponding to the actions to be performed on the packets. The chains for each section are as follows: | ||
| + | |||
| + | *The built-in chains for the '''filter''' table: | ||
| + | ** <code>INPUT</code> - '''Applies to packets targeted at the host (incoming traffic)''' | ||
| + | ** <code>OUTPUT</code> - '''Applies to locally-generated packets heading out of the system (outgoing traffic)''' | ||
| + | ** <code>FORWARD</code> - '''Applies to packets routed through the host (forwarded/routed traffic)''' | ||
| + | *The built-in chains for the '''nat''' table: | ||
| + | **<code>PREROUTING</code> - '''Alters packets when they arrive''' | ||
| + | **<code>OUTPUT</code> - '''Alters locally-general packets before they leave''' | ||
| + | **<code>POSTROUTING</code> - '''Alters packets before they leave''' | ||
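Review bot: the added nat OUTPUT line reads "Alters locally-general packets before they leave"; "general" should be "generated", matching the filter OUTPUT line earlier in the same hunk. The new Chains section also promises "the chains for each section" but lists only filter and nat while the Tables list above it names three tables; either add the mangle table's built-in chains or state that only filter and nat are covered.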
Revision as of 13:45, 15 November 2012
Configuration file location and common commands
Configuration file
The iptables configuration file is located at /etc/sysconfig/iptables. This file contains all the tables, chains and rules. Additional rules can be added directly to this file or via the command line tools.
Common Commands
# start iptables
service iptables start
# get current status
service iptables status
# stop iptables
service iptables stop
# restart iptables
service iptables restart
# save any newly added rules
service iptables save
Structure of /etc/sysconfig/iptables
Tables
iptables includes 3 default tables:
- *filter - Default table for filtering packets
- *nat - Default table for Network Address Translation
- *mangle - Default table used for specific type of packet alteration
Chains
Each table has a group of built-in chains, corresponding to the actions to be performed on the packets. The chains for each section are as follows:
- The built-in chains for the filter table:
  - INPUT - Applies to packets targeted at the host (incoming traffic)
  - OUTPUT - Applies to locally-generated packets heading out of the system (outgoing traffic)
  - FORWARD - Applies to packets routed through the host (forwarded/routed traffic)
- The built-in chains for the nat table:
  - PREROUTING - Alters packets when they arrive
  - OUTPUT - Alters locally-generated packets before they leave
  - POSTROUTING - Alters packets before they leave
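As an added example (not part of the wiki page), the following Python script parses a constructed /etc/sysconfig/iptables file written in the same *table / :CHAIN POLICY / rule / COMMIT layout that the Tables and Chains sections describe, and reports which built-in chains fall through to ACCEPT when no rule matches. The sample file contents, the function names and the mangle chain list are assumptions of this example, not content from the page.

```python
"""Parse the iptables-save format used by /etc/sysconfig/iptables.

Added example (not from the wiki page): walks a constructed config file,
collects each table's chains, default policies and rules, and flags
built-in chains whose default policy is ACCEPT so a reviewer can see where
a missing rule lets traffic through by default.
"""
from collections import OrderedDict

# Constructed sample in /etc/sysconfig/iptables (iptables-save) syntax.
SAMPLE_CONFIG = """\
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

# Built-in chains per table. filter and nat follow the page; the mangle
# chains are an assumption taken from iptables documentation, not the page.
BUILTIN_CHAINS = {
    "filter": {"INPUT", "FORWARD", "OUTPUT"},
    "nat": {"PREROUTING", "OUTPUT", "POSTROUTING"},
    "mangle": {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"},
}


def parse_iptables_save(text):
    """Return {table: {"chains": {name: policy}, "rules": [rule, ...]}}.

    Raises ValueError on a rule outside a table or a table without COMMIT,
    the two ways a hand-edited file most often breaks iptables-restore.
    """
    tables = OrderedDict()
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            if current is not None:
                raise ValueError("line %d: table %s missing COMMIT" % (lineno, current))
            current = line[1:]
            tables[current] = {"chains": OrderedDict(), "rules": []}
        elif current is None:
            raise ValueError("line %d: directive outside any table" % lineno)
        elif line.startswith(":"):
            # ":CHAIN POLICY [packets:bytes]"; user-defined chains carry "-"
            name, policy = line[1:].split()[:2]
            tables[current]["chains"][name] = policy
        elif line == "COMMIT":
            current = None
        else:
            tables[current]["rules"].append(line)
    if current is not None:
        raise ValueError("table %s missing COMMIT" % current)
    return tables


def permissive_builtin_chains(tables):
    """List (table, chain) pairs where a built-in chain defaults to ACCEPT.

    A built-in chain with policy ACCEPT passes anything no rule matched, so
    these are the chains to review when checking what the host lets through.
    """
    found = []
    for table, data in tables.items():
        for chain, policy in data["chains"].items():
            if chain in BUILTIN_CHAINS.get(table, set()) and policy == "ACCEPT":
                found.append((table, chain))
    return found


if __name__ == "__main__":
    parsed = parse_iptables_save(SAMPLE_CONFIG)
    for table, data in parsed.items():
        print("*%s: chains=%s rules=%d" % (table, dict(data["chains"]), len(data["rules"])))
    print("built-in chains defaulting to ACCEPT:", permissive_builtin_chains(parsed))
```

Run it against a copy of the real file (for example `parse_iptables_save(open("/etc/sysconfig/iptables").read())`) to see, per table, which built-in chains still rely on an ACCEPT policy rather than on explicit rules; in the sample, the filter INPUT and FORWARD chains drop by default while OUTPUT and all nat chains accept.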