iptables General Information

To understand how to proceed with iptables, you need to understand how iptables works. The next few sections walk you through some of the finer points. Most iptables texts assume that every packet runs through the tables, that is, the lists of rules. In fact, iptables only sees a packet if that packet is the first fragment of a fragmented datagram or an unfragmented packet; subsequent fragments do not traverse the rules. The reason for this is simple: a host cannot reassemble the fragments into a packet until it has the first one. If the first fragment is dropped, the others time out and are dropped. However, if you load conntrack, the connection tracking module, or are doing masquerading, the firewall will reassemble all packet fragments before ...
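The following is an added example, not code from the book, that shows the mechanics behind the point above: only the first IPv4 fragment carries the transport header, so a rule that matches on ports has nothing to match in the later fragments, and a reassembler that never receives the first fragment cannot complete the datagram. It uses a minimal fragmenter and a toy reassembler written for this page (not the kernel's or conntrack's code); the addresses, identification value and payload are constructed, and the IP checksum is left at zero for brevity.

```python
import struct
import ipaddress

IP_HDR_LEN = 20
MF = 0x2000          # "more fragments" bit in the flags/fragment-offset field
PROTO_UDP = 17


def ipv4_header(src, dst, proto, total_len, ident, offset_units, more_fragments):
    """Build a 20-byte IPv4 header with no options (checksum left at 0: constructed example)."""
    flags_frag = (MF if more_fragments else 0) | (offset_units & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, flags_frag,
                       64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def parse_ipv4(pkt):
    """Decode the fields a fragment-aware filter cares about."""
    (_, _, total_len, ident, flags_frag, _, proto, _,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:IP_HDR_LEN])
    return {
        "ident": ident,
        "proto": proto,
        "offset": (flags_frag & 0x1FFF) * 8,   # offset is stored in 8-byte units
        "mf": bool(flags_frag & MF),
        "payload": pkt[IP_HDR_LEN:total_len],
    }


def fragment(src, dst, proto, ident, payload, mtu):
    """Split one datagram payload into IPv4 fragments that fit the given MTU."""
    max_data = (mtu - IP_HDR_LEN) // 8 * 8     # every non-final fragment is a multiple of 8
    frags = []
    for off in range(0, len(payload), max_data):
        chunk = payload[off:off + max_data]
        more = off + len(chunk) < len(payload)
        hdr = ipv4_header(src, dst, proto, IP_HDR_LEN + len(chunk), ident, off // 8, more)
        frags.append(hdr + chunk)
    return frags


def udp_ports(frag):
    """Return (sport, dport) if this fragment carries the UDP header, else None.

    Only the fragment at offset 0 contains the transport header, which is why a
    port-matching rule can only ever decide on the first fragment.
    """
    f = parse_ipv4(frag)
    if f["proto"] != PROTO_UDP or f["offset"] != 0 or len(f["payload"]) < 8:
        return None
    return struct.unpack("!HH", f["payload"][:4])


def reassemble(frags):
    """Toy reassembler: returns the full payload, or None if the set is incomplete."""
    parsed = sorted((parse_ipv4(f) for f in frags), key=lambda f: f["offset"])
    if not parsed or parsed[0]["offset"] != 0:
        return None                            # first fragment missing: nothing can be rebuilt
    data = b""
    for f in parsed:
        if f["offset"] != len(data):
            return None                        # gap in the sequence
        data += f["payload"]
    if parsed[-1]["mf"]:
        return None                            # last fragment missing
    return data


def demo():
    """Fragment a constructed 2008-byte UDP datagram (DNS-style port 53) over a 576-byte MTU."""
    udp = struct.pack("!HHHH", 40000, 53, 8 + 2000, 0) + b"A" * 2000
    frags = fragment("192.0.2.10", "198.51.100.5", PROTO_UDP, 0xBEEF, udp, 576)
    return {
        "fragments": len(frags),                                  # 4
        "ports_visible": [udp_ports(f) for f in frags],           # ports only in fragment 0
        "reassembled_ok": reassemble(frags) == udp,               # True with every fragment
        "without_first": reassemble(frags[1:]),                   # None: first fragment dropped
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows four fragments of which only the first exposes the UDP ports, a successful reassembly when all four are present, and `None` when the first fragment is withheld, which is the situation the text describes when a rule drops the first fragment and the rest time out.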
