iptables by Mind Map: iptables

1. NATs packets

2. kernel module

3. mangle table

3.1. alteration of service bits in TCP header

3.2. kernel 2.4.17

3.2.1. prerouting

3.2.1.1. alter packets when they come

3.2.2. output

3.2.2.1. alter locally generated packets

3.3. kernel 2.4.18

3.3.1. postrouting

3.3.1.1. alter packets before they go out

3.3.2. input

3.3.2.1. alter packets coming in

3.3.3. forward

3.3.3.1. alter packets being routed

4. filter table

4.1. packet filtering

4.2. 3 built-in chains

4.2.1. forward chain

4.2.1.1. packets of networks protected by firewall

4.2.2. input chain

4.2.2.1. packets destined for firewall

4.2.3. output chain

4.2.3.1. packets originating from firewall

5. Network Address Translation (NAT) table

5.1. pre-routing chain

5.1.1. destination address needs to be changed

5.1.2. DNAT

5.2. post routing chain

5.2.1. source address needs to be changed

5.2.2. SNAT

5.3. output chain

5.3.1. packets originating from firewall

5.4. NATs network packets

6. rules

6.1. iptables matches

6.2. one action

6.2.1. target

7. nf_conntrack

7.1. caches connection status and info

7.2. /proc/net/nf_conntrack

7.3. ipv4 2 tcp 6 431581 ESTABLISHED src=7.8.9.20 dst=7.8.9.10 sport=53867 dport=80 packets=22 bytes=13861 src=192.168.1.2 dst=7.8.9.20 sport=8080 dport=53867 packets=14 bytes=3535 [ASSURED] mark=0 secmark=0 use=2

8. raw

8.1. configure exemptions from connection tracking in combination with NOTRACK targets

8.2. prerouting

8.2.1. packets arriving via any network interface

8.3. output

8.3.1. packets generated by local processes

9. Accept

10. Drop

11. Queue

11.1. ip_queue

11.2. nfnetlink_queue

11.3. nfqueue

12. Return
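
Added example (not part of the original mind map): a Python parser for /proc/net/nf_conntrack lines like the entry in node 7.3. It compares the original and reply tuples to show which translation the NAT table applied to the flow. The function names are chosen for this example, and it handles TCP/UDP entries only.

```python
# Added example: parse /proc/net/nf_conntrack entries and report NAT rewrites.

# Entry copied from node 7.3 of the mind map.
SAMPLE = ("ipv4 2 tcp 6 431581 ESTABLISHED src=7.8.9.20 dst=7.8.9.10 "
          "sport=53867 dport=80 packets=22 bytes=13861 src=192.168.1.2 "
          "dst=7.8.9.20 sport=8080 dport=53867 packets=14 bytes=3535 "
          "[ASSURED] mark=0 secmark=0 use=2")

TUPLE_KEYS = ("src", "dst", "sport", "dport", "packets", "bytes")


def parse_entry(line):
    """Split one conntrack line into header fields, both tuples and flags."""
    tokens = line.split()
    entry = {"l3": tokens[0], "l4": tokens[2], "timeout": int(tokens[4]),
             "state": None, "flags": [], "orig": {}, "reply": {}, "meta": {}}
    for tok in tokens[5:]:
        if tok.startswith("["):              # e.g. [ASSURED], [UNREPLIED]
            entry["flags"].append(tok.strip("[]"))
        elif "=" not in tok:                 # TCP state; UDP lines have none
            entry["state"] = tok
        else:
            key, value = tok.split("=", 1)
            if key in TUPLE_KEYS:
                # First occurrence belongs to the original direction,
                # the second occurrence to the reply direction.
                side = "reply" if key in entry["orig"] else "orig"
                entry[side][key] = value
            else:
                entry["meta"][key] = value   # mark, secmark, use, ...
    return entry


def nat_rewrites(entry):
    """Compare the reply tuple with the mirrored original tuple."""
    o, r = entry["orig"], entry["reply"]
    found = {}
    # Without DNAT the reply is sent from the original dst:dport.
    if (r["src"], r["sport"]) != (o["dst"], o["dport"]):
        found["DNAT"] = (f'{o["dst"]}:{o["dport"]}', f'{r["src"]}:{r["sport"]}')
    # Without SNAT the reply is sent back to the original src:sport.
    if (r["dst"], r["dport"]) != (o["src"], o["sport"]):
        found["SNAT"] = (f'{o["src"]}:{o["sport"]}', f'{r["dst"]}:{r["dport"]}')
    return found


if __name__ == "__main__":
    e = parse_entry(SAMPLE)
    print(e["state"], e["flags"], nat_rewrites(e))
```

For the entry in node 7.3 the reply tuple shows a destination rewrite from 7.8.9.10:80 to 192.168.1.2:8080 and no source rewrite.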