IPTABLES BASICS

IPtables is vast topic which can not be dealt in one post I will be posting this IPtables in different posts but will link all of them

IPtables basics

Iptables is a securit module in Linux kernel, this Iptables can be used a firewall(filter table),Internet sharing(NAT table),For altering Type Of Service(mangle table) and for non tracking purpose(Raw table)

Firewall definition:

A firewall is a security system consisting of a combination of hardware and software that limit’s the exposure of a computer or computer network to attack from crackers; commonly used on local area networks that are connected to the internet. This is acheived by Filter table

Internetsharing definition:

An Internet standard that enables a LAN to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. A NAT box located where the LAN meets the Internet makes all necessary IP address translations.

Mangling definition:

 Mangling is defined as changing the Type of service value in IP header packet to get the desired values such as decreasing latency(for example telnet,ssh should required less latency) etc. This table is used for imporving some services performance

Non tracking packets definition:

Most of the system/network activitis are logged in some logs, if we want our packets to be not monitored we can use this table, This raw table(which is introduced in 2.6 version linux kernel for some special feature) will set value on each packet not to track where this packet is coming and going.

IPtables is nothing but a set of tables

A table is set of chains and target values.
A chain is nothing but a rule on a packet wether to forword or drop or Reject etc
A rule is nothing but setting a criteria for packet.

Iptables will work on targeting IP packets and chains
These targets may be

1. ACCEPT
   
2. DROP
3. REJECT
4. SNAT
5. DNAT
6. NOTRACK
7. BALANCE
   
8. CLASSIFY
   
9. CLUSTERIP
   
10. CONNMARK
    
11. DSCP
    
12. ECN
    
13. LOG
    
14. MARK
    
15. MASQUERADE
    
16. MIRROR
    
17. NETMAP
18. REDIRECT
19. ROUTE
    
20. SET
    
21. TCPMSS
    
22. TOS
    
23. TRACE
    
24. TTL
    
25. ULOG

these chains may be

1. INPUT (for packets destined to local sockets),
2. FORWARD (for packets being routed through the box),
3. OUTPUT (for locally-generated packets)
4. PREROUTING (for altering packets as soon as they come in),
5. POSTROUTING (for altering packets as they are about to go out).

in next post I will be giving some explination to this targets and chains with some practical exampls, thanks for reading the blog and commenting.

Please visit https://www.linuxnix.com for more linux admin stuff

Post Views: 9,166

The following two tabs change content below.

• Bio
• Latest Posts

Surendra Anne

Mr Surendra Anne is from Vijayawada, Andhra Pradesh, India. He is a Linux/Open source supporter who believes in Hard work, A down to earth person, Likes to share knowledge with others, Loves dogs, Likes photography. He works as Devops Engineer with Taggle systems, an IOT automatic water metering company, Sydney . You can contact him at surendra (@) linuxnix dot com.

Latest posts by Surendra Anne (see all)

• Docker: How to copy files to/from docker container - June 30, 2020
• Anisble: ERROR! unexpected parameter type in action: Fix - June 29, 2020
• FREE: JOIN OUR DEVOPS TELEGRAM GROUPS - August 2, 2019
• Review: Whizlabs Practice Tests for AWS Certified Solutions Architect Professional (CSAP) - August 27, 2018
• How to use ohai/chef-shell to get node attributes - July 19, 2018