Linux iptables firewall rule execution sequence parsing

Prerequisites: iptable has three queue (table) rules: manglequeue, filterqueue, and natqueue. 1. ThefirstisthemangletablewhichisresponsibleforthealterationofqualityofservicebitsintheTCPheader.2. Th prerequisites: iptable has three queue (table) rules: mangle queue, filter queue, and natqueue.
1. The first is the mangle table which is responsible for thealteration of quality of service bits in the TCP header.
2. The second table is the filter queue which is responsiblefor packet filtering.
* Forward chain: Filters packets to servers protected by thefirewall.
* Input chain: Filters packets destined for the firewall.
* Output chain: Filters packets originating from thefirewall.
3. The third table is the nat queue which is responsible fornetwork address translation. It has two built-in chains; theseare:
* Pre-routing chain: NATs packets when the destination addressof the packet needs to be changed.
* Post-routing chain: NATs packets when the source address ofthe packet needs to be changed

Personal summary:
　　 IptablesWhen a rule is executed, it is executed from the top to bottom of the rule table. If no matching rule is encountered, it is executed one by one. if a matching rule is encountered, then the rule will be executed. after the rule is executed, the next execution will be decided based on the action (accept, reject, log, etc.) of the rule. There are generally three situations for subsequent execution.
1. One is to continue executing the next rule in the current rule queue. For example, after the LOG in the Filter queue is executed, the next rule in the Filter queue is also executed.
2. One is to stop the execution of the current rule queue and go to the next rule queue. For example, after the accept is executed, other rules in the Filter queue are interrupted and the rules are jumped to the nat queue for execution.
3. One is to abort the execution of all rule queues.