iptables

1. filter table

1.1. packet filtering

1.2. 3 bult in chains

1.2.1. forward chain

1.2.1.1. packets of networks protected by firewall

1.2.2. forward chain

1.2.2.1. packets destined for firewall

1.2.3. output chain

1.2.3.1. packets originating from firewall

2. Network Address Translation (NAT) table

2.1. pre-routing chain

2.1.1. destination address needs to be changed

2.1.2. DNAT

2.2. post routing chain

2.2.1. source address needs to be changed

2.2.2. SNAT

2.3. output chain

2.3.1. packets originating from firewall

2.4. NATs network packets

3. Queue

3.1. ip_queue

3.2. nfnetlink_queue

3.3. nfqueue

4. Managle

4.1. prounting

4.2. Output

4.3. input

4.4. Postrouting

4.5. Forward

5. Implicit Matches

5.1. UDP Matches

5.1.1. -p udp --spotr <port>

5.1.1.1. -p udp --dport <port>

5.2. TCP Matches

5.2.1. -p tcp --spotr <port>

5.2.1.1. -p tcp --dpotr <port>

5.3. ICMP Matches

6. rules

6.1. iptable matches

6.2. one action

6.3. Target

6.3.1. Log Target

6.3.2. Reject Target

6.3.3. SNAT Target

6.3.4. DNAT Target

6.3.5. Masquerade Target

6.3.6. Redirect Target

7. Explicit Matches

7.1. Explicit Matches

7.2. Multiport Matches

7.3. Owner Matches

7.4. State Matches