Iptables: Four Tables, Five Chains

Source: Internet
Author: User

The netfilter/iptables IP packet filtering system is a powerful tool for adding, editing, and removing the rules that a firewall consults when making packet filtering decisions. These rules are stored in dedicated packet filtering tables, and these tables are integrated into the Linux kernel. Within a packet filtering table, rules are grouped into so-called chains.

Although the netfilter/iptables IP packet filtering system is referred to as a single entity, it actually consists of two components: netfilter and iptables.

The netfilter component, also known as the kernel space (kernelspace) part, lives in the kernel and consists of the packet filtering tables that hold the rule sets the kernel uses to control packet filtering.

The iptables component is a user space (userspace) tool that makes it easy to insert, modify, and remove rules in those packet filtering tables.

iptables has 4 tables and 5 chains. Tables are distinguished by the kind of operation they perform on a packet, while chains are distinguished by the hook point at which they run; tables and chains are in effect the two dimensions of netfilter.

4 tables: filter, nat, mangle, raw. The default table is filter (when no table is specified, the filter table is used). Processing priority among the tables: raw > mangle > nat > filter.

filter: general packet filtering (accept/drop decisions)

nat: network address translation (port mapping, address mapping, etc.)

mangle: used to modify specific packets (e.g. header fields or marks)

raw: has the highest priority; rules are generally placed in raw to exempt packets from connection tracking (conntrack), which improves performance

5 chains: PREROUTING, INPUT, FORWARD, OUTPUT, POSTROUTING.

PREROUTING: before the packet enters the routing decision

INPUT: after routing, for packets whose destination is the local host

FORWARD: after routing, for packets whose destination is not the local host

OUTPUT: for packets generated by the local host and sent outward

POSTROUTING: before the packet is handed to the NIC interface. Such as:

The correspondence between tables and chains in iptables is as follows:

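As an added example (not part of the original post), the following Python model encodes the traversal order described above: the three paths a packet can take through the five chains, the per-hook table priority raw > mangle > nat > filter, and the set of chains each table registers at. That table-to-chain registration is assumed from netfilter's standard behaviour (nat also hooks INPUT on kernels since 2.6.34), and the model shows one consequence of the raw table: a packet marked NOTRACK bypasses the nat table, because NAT depends on connection tracking.

```python
"""Model of netfilter hook traversal: which (chain, table) pairs a packet visits."""

# Order in which the four tables are consulted at every hook (raw > mangle > nat > filter).
TABLE_PRIORITY = ["raw", "mangle", "nat", "filter"]

# Hooks (built-in chains) each table registers at. Assumed from netfilter's standard
# registration; the nat/INPUT hook exists on kernels 2.6.34 and later.
TABLE_CHAINS = {
    "raw":    {"PREROUTING", "OUTPUT"},
    "mangle": {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"},
    "nat":    {"PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"},
    "filter": {"INPUT", "FORWARD", "OUTPUT"},
}

# Chain sequence for each of the three paths a packet can take through the host.
PATHS = {
    "incoming_local":    ["PREROUTING", "INPUT"],                  # destined for this host
    "forwarded":         ["PREROUTING", "FORWARD", "POSTROUTING"],  # routed through this host
    "locally_generated": ["OUTPUT", "POSTROUTING"],                 # produced by this host
}


def tables_at(chain):
    """Tables consulted at `chain`, in priority order."""
    return [t for t in TABLE_PRIORITY if chain in TABLE_CHAINS[t]]


def traverse(path, notrack=False):
    """Return the ordered (chain, table) pairs a packet on `path` passes through.

    At each hook only the tables registered there are consulted, in priority
    order. If a raw-table rule has marked the packet NOTRACK (no conntrack
    entry), the nat table is skipped at every hook: NAT needs a tracked
    connection, so untracked packets are never address- or port-translated.
    """
    visited = []
    for chain in PATHS[path]:
        for table in tables_at(chain):
            if table == "nat" and notrack:
                continue
            visited.append((chain, table))
    return visited


if __name__ == "__main__":
    for name in PATHS:
        print(f"== {name} ==")
        for chain, table in traverse(name):
            print(f"  {chain:<12} {table}")
```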
