Linux iptables Pocket Reference

by Gregor N. Purdy
August 2004
Intermediate to advanced
96 pages
1h 52m
English
O'Reilly Media, Inc.
Content preview from Linux iptables Pocket Reference

Introduction

The Linux kernel’s network packet processing subsystem is called Netfilter, and iptables is the command used to configure it. This book covers the iptables user-space utilities version 1.2.7a, which use the Netfilter framework in the Linux kernel version 2.4, and it also covers most of what’s in 2.6. Because Netfilter and iptables are tightly coupled, I will use "iptables" to refer to either or both of them throughout this book.

The iptables architecture groups network packet processing rules into tables by function (packet filtering, network address translation, and other packet mangling), each of which has chains (sequences) of processing rules. Rules consist of matches (which determine the packets the rule applies to) and targets (which determine what is done with the matching packets).

iptables operates at OSI Layer 3 (Network). For OSI Layer 2 (Link), there are other technologies such as ebtables (Ethernet Bridge Tables). See http://ebtables.sourceforge.net/ for more information.

An Example Command

Here is a sample iptables command:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 \
  -j DNAT --to-destination 192.168.1.3:8080

Table 1-1 shows what this sample iptables command means.

Table 1-1. Decomposed example iptables command arguments

| Component | Description |
| --- | --- |
| -t nat | Operate on the nat table... |
| -A PREROUTING | ... by appending the following rule to its PREROUTING chain. |
| -i eth1 | Match packets coming in on the eth1 network interface... |
| -p tcp | ... that use the tcp (TCP/IP) ... |
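
The decomposition in Table 1-1, as an added example that is not from the book: Python code that splits an `iptables -A` command into its table, chain, matches and target, then lists the DNAT port forwards in a rule set for review. The function names are hypothetical, and the code assumes that target options follow `-j`, as they do in the sample command.

```python
import shlex

def decompose(command):
    """Split one `iptables -A ...` command into table, chain, matches, target."""
    # Join shell line continuations before tokenizing.
    argv = shlex.split(command.replace("\\\n", " "))
    if not argv or argv[0] != "iptables":
        raise ValueError("not an iptables command")
    # With no -t option, iptables operates on the filter table.
    rule = {"table": "filter", "chain": None, "matches": {},
            "target": None, "target_options": {}}
    i = 1
    while i < len(argv):
        opt = argv[i]
        if not opt.startswith("-"):
            raise ValueError("expected an option, got %r" % opt)
        # An option's arguments run up to the next word starting with "-".
        j = i + 1
        while j < len(argv) and not argv[j].startswith("-"):
            j += 1
        value = " ".join(argv[i + 1:j])
        if opt == "-t":
            rule["table"] = value
        elif opt == "-A":
            rule["chain"] = value
        elif opt == "-j":
            rule["target"] = value
        elif rule["target"] is None:
            rule["matches"][opt] = value         # assumption: before -j means a match
        else:
            rule["target_options"][opt] = value  # assumption: after -j means target option
        i = j
    if rule["chain"] is None or rule["target"] is None:
        raise ValueError("need both -A <chain> and -j <target>")
    return rule

def port_forwards(commands):
    """List (interface, protocol, port, new destination) for each DNAT rule."""
    found = []
    for rule in map(decompose, commands):
        if rule["table"] == "nat" and rule["target"] == "DNAT":
            m = rule["matches"]
            found.append((m.get("-i"), m.get("-p"), m.get("--dport"),
                          rule["target_options"].get("--to-destination")))
    return found

# The sample command from the page, with a shell line continuation.
SAMPLE = ("iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 \\\n"
          "  -j DNAT --to-destination 192.168.1.3:8080")

if __name__ == "__main__":
    print(decompose(SAMPLE))
    print(port_forwards([SAMPLE]))
```
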


Publisher Resources

ISBN: 9780596801861