iptables Syntax

As presented earlier, iptables uses the concept of separate rule tables for different packet processing functionality. Nondefault tables are specified by a command-line option. Three tables are available:

  • filter— The filter table is the default table. It contains the actual firewall filtering rules. The built-in chains include these:

    • INPUT

    • OUTPUT

    • FORWARD

  • nat— The nat table contains the rules for Source and Destination Address and Port Translation. These rules are functionally distinct from the firewall filter rules. The built-in chains include these:

    • PREROUTING (DNAT/REDIRECT)

    • OUTPUT (DNAT/REDIRECT)

    • POSTROUTING (SNAT/MASQUERADE)

  • mangle— The mangle table contains rules for setting specialized packet-routing flags. These flags are then ...

Get Linux Firewalls, Third Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.