How iptables Works
Introduction to iptables
iptables and ip6tables are used to set up, maintain and inspect the tables of IPv4 and IPv6 packet filter rules in the Linux kernel. Each table contains a number of built-in chains and may also contain user-defined chains. Each chain is a list of rules that match a set of packets. Each rule specifies what to do with a packet that matches it; this is called the target, and it may, for example, be a jump to a user-defined chain in the same table.
| Table | Built-in chains | Purpose |
|---|---|---|
| Filter (default if unspecified) | INPUT | for packets destined to local sockets |
| | FORWARD | for packets being routed through the box |
| | OUTPUT | for locally-generated packets |
| NAT | PREROUTING | for altering packets as soon as they come in |
| | OUTPUT | for altering locally-generated packets before routing |
| | POSTROUTING | for altering packets as they are about to go out |
| Mangle | PREROUTING (kernel 2.4.17+) | for altering incoming packets before routing |
| | OUTPUT (kernel 2.4.17+) | for altering locally-generated packets before routing |
| | INPUT (kernel 2.4.18+) | for packets coming into the box itself |
| | FORWARD (kernel 2.4.18+) | for altering packets being routed through the box |
| | POSTROUTING (kernel 2.4.18+) | for altering packets as they are about to go out |
| Raw | PREROUTING | for packets arriving via any network interface |
| | OUTPUT | for packets generated by local processes |
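The table/chain/rule/target model described above is easiest to understand by watching a packet walk through it. The following is an added example, not code from the original page or from the iptables project: a small Python model of how one table evaluates a chain. It reproduces the rule semantics a defender relies on when reading a ruleset, namely that rules are checked in order, a terminating target (ACCEPT/DROP/REJECT) ends evaluation, a target naming a user-defined chain jumps into it, RETURN (or running off the end of a user chain) resumes at the next rule of the calling chain, and a built-in chain that matches nothing falls through to its policy. The chain names `SSH_GUARD`, the addresses and the match fields are constructed for the example; real iptables supports far richer matches and the ordering of tables across the PREROUTING/INPUT/OUTPUT hooks is not modelled here.

```python
"""Toy model of how iptables evaluates rules within one table.

Constructed example: it models rule ordering, terminating targets, jumps to
user-defined chains, RETURN and chain policies. It is not the kernel code and
only supports exact-match fields.
"""
from dataclasses import dataclass, field
from typing import Optional

# Targets that end evaluation of the packet in this table.
TERMINATING = {"ACCEPT", "DROP", "REJECT"}


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None


@dataclass
class Rule:
    target: str                 # ACCEPT/DROP/REJECT, RETURN, or a user chain name
    src: Optional[str] = None   # None means "match any" for that field
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return ((self.src is None or self.src == pkt.src) and
                (self.proto is None or self.proto == pkt.proto) and
                (self.dport is None or self.dport == pkt.dport))


@dataclass
class Chain:
    name: str
    rules: list = field(default_factory=list)
    policy: Optional[str] = None  # built-in chains have a policy; user chains do not


class Table:
    def __init__(self, name: str):
        self.name = name
        self.chains = {}

    def chain(self, name: str, policy: Optional[str] = None) -> Chain:
        self.chains[name] = Chain(name, policy=policy)
        return self.chains[name]

    def traverse(self, chain_name: str, pkt: Packet, trace=None):
        """Evaluate pkt against chain_name.

        Returns (verdict, trace). verdict is None only when a user-defined
        chain was exhausted or hit RETURN, which hands control back to the
        caller. trace lists the chains visited, in order.
        """
        trace = [] if trace is None else trace
        chain = self.chains[chain_name]
        trace.append(chain_name)
        for rule in chain.rules:
            if not rule.matches(pkt):
                continue
            if rule.target in TERMINATING:
                return rule.target, trace
            if rule.target == "RETURN":
                break  # leave this chain, resume in the calling chain
            # Any other target is a jump into a user-defined chain.
            verdict, trace = self.traverse(rule.target, pkt, trace)
            if verdict is not None:
                return verdict, trace
            # The user chain returned without a verdict: continue here.
        if chain.policy is not None:
            return chain.policy, trace  # built-in chain: fall through to policy
        return None, trace              # user chain: implicit RETURN


def verdict(table: Table, chain_name: str, pkt: Packet) -> str:
    """Final verdict for pkt entering chain_name of table (policy if nothing matched)."""
    result, _ = table.traverse(chain_name, pkt)
    return result


def build_filter_table() -> Table:
    """Constructed filter table: INPUT with a DROP policy and a user chain SSH_GUARD."""
    t = Table("filter")
    inp = t.chain("INPUT", policy="DROP")
    guard = t.chain("SSH_GUARD")
    inp.rules.append(Rule(target="ACCEPT", proto="tcp", dport=80))
    inp.rules.append(Rule(target="SSH_GUARD", proto="tcp", dport=22))   # jump
    inp.rules.append(Rule(target="ACCEPT", src="10.0.0.9"))             # reached after RETURN
    guard.rules.append(Rule(target="ACCEPT", src="10.0.0.5"))
    guard.rules.append(Rule(target="RETURN", src="10.0.0.9"))
    guard.rules.append(Rule(target="DROP"))                             # everyone else
    return t


if __name__ == "__main__":
    t = build_filter_table()
    for pkt in (Packet("198.51.100.1", "10.0.0.1", "tcp", 80),
                Packet("10.0.0.5", "10.0.0.1", "tcp", 22),
                Packet("10.0.0.9", "10.0.0.1", "tcp", 22),
                Packet("203.0.113.7", "10.0.0.1", "tcp", 22),
                Packet("203.0.113.7", "10.0.0.1", "udp", 53)):
        print(pkt, "->", t.traverse("INPUT", pkt))
```

The `SSH_GUARD` walk shows why the trace matters when auditing a ruleset: the packet from `10.0.0.9` is not accepted inside the user chain but by the rule after the jump in INPUT, which is exactly the kind of interaction that is easy to miss when reading chains in isolation.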
Overview diagram