In order to do this, you're going to need to run some iptables commands. Let's say you've got yourself a brand new Linux system and you want to set up its firewall. In a way, chains are like the IPTables equivalent of subroutines or functions. This means that instead of, say, accepting or rejecting the packet on the spot, IPTables will jump to the chain you named and start checking the packet against the rules in that chain. Other than those three names, you can use any name you want for any new chains you create.Īdding your own chains is useful because when you create a rule, you can specify the name of any custom chain as the target of the rule. There are three predefined chains named INPUT, FORWARD, and OUTPUT, which are the starting points for, respectively, packets coming into the computer, packets "just passing through" the computer, and packets heading out of the computer. Each chain is just a named, ordered list of rules.
Within each table, the rules are organized into chains, which are the structures you'll need to be familiar with in order to use IPTables effectively. When creating a firewall, the only table you actually need to use is the filter table the other tables are used for specific kinds of packet alterations. The IPTables Tables (and Chains) An overview of the packet filtering in the Linux kernelĪs the name suggests, IPTables organizes its rules into tables based on each rule's purpose and what packets it should apply to. On Ubuntu, this means you'll have to prefix sudo to all commands in this tutorial. It's usually installed as /sbin/iptables, and you need to be logged in as root to do anything meaningful with it. iptables The program that allows the system administrator to alter the list of rules that netfilter uses. If you want to look at the code, it's in the net/netfilter subdirectory of the kernel source code, but that's not necessary for this tutorial you don't have to know the details of the netfilter implementation to understand IPTables.
It consists of two parts: netfilter The piece of code that sits in the operating system and checks all packets against the list of rules. IPTables is the most common firewall implementation for Linux.
0 kommentar(er)
