-
-
Save mgiay/bd78c29897028c61358ab17166b62416 to your computer and use it in GitHub Desktop.
Revisions
-
Brent Salisbury revised this gist
Jul 17, 2015 . 1 changed file with 4 additions and 4 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -4,23 +4,23 @@ ### IPTables has the following 4 built-in tables. **1) Filter Table** Filter is default table for iptables. So, if you don’t define you own table, you’ll be using filter table. Iptables’s filter table has the following built-in chains. * INPUT chain – Incoming to firewall. For packets coming to the local server. * OUTPUT chain – Outgoing from firewall. For packets generated locally and going out of the local server. * FORWARD chain – Packet for another NIC on the local server. For packets routed through the local server. **2) NAT table** Iptable’s NAT table has the following built-in chains. * PREROUTING chain – Alters packets before routing. i.e Packet translation happens immediately after the packet comes to the system (and before routing). This helps to translate the destination ip address of the packets to something that matches the routing on the local server. This is used for DNAT (destination NAT). * POSTROUTING chain – Alters packets after routing. i.e Packet translation happens when the packets are leaving the system. This helps to translate the source ip address of the packets to something that might match the routing on the desintation server. This is used for SNAT (source NAT). * OUTPUT chain – NAT for locally generated packets on the firewall. **3) Mangle table** Iptables’s Mangle table is for specialized packet alteration. This alters QOS bits in the TCP header. Mangle table has the following built-in chains. @@ -30,7 +30,7 @@ Iptables’s Mangle table is for specialized packet alteration. This alters QOS * INPUT chain * POSTROUTING chain **4) Raw table** Iptable’s Raw table is for configuration excemptions. Raw table has the following built-in chains. -
Jul 17, 2015 . 1 changed file with 4 additions and 4 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -4,23 +4,23 @@ ### IPTables has the following 4 built-in tables. *1) Filter Table* Filter is default table for iptables. So, if you don’t define you own table, you’ll be using filter table. Iptables’s filter table has the following built-in chains. * INPUT chain – Incoming to firewall. For packets coming to the local server. * OUTPUT chain – Outgoing from firewall. For packets generated locally and going out of the local server. * FORWARD chain – Packet for another NIC on the local server. For packets routed through the local server. *2) NAT table* Iptable’s NAT table has the following built-in chains. * PREROUTING chain – Alters packets before routing. i.e Packet translation happens immediately after the packet comes to the system (and before routing). This helps to translate the destination ip address of the packets to something that matches the routing on the local server. This is used for DNAT (destination NAT). * POSTROUTING chain – Alters packets after routing. i.e Packet translation happens when the packets are leaving the system. This helps to translate the source ip address of the packets to something that might match the routing on the desintation server. This is used for SNAT (source NAT). * OUTPUT chain – NAT for locally generated packets on the firewall. *3) Mangle table* Iptables’s Mangle table is for specialized packet alteration. This alters QOS bits in the TCP header. Mangle table has the following built-in chains. @@ -30,7 +30,7 @@ Iptables’s Mangle table is for specialized packet alteration. This alters QOS * INPUT chain * POSTROUTING chain *4) Raw table* Iptable’s Raw table is for configuration excemptions. Raw table has the following built-in chains. -
Jul 17, 2015 . No changes.There are no files selected for viewing
-
Jul 17, 2015 . 1 changed file with 4 additions and 4 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -4,23 +4,23 @@ ### IPTables has the following 4 built-in tables. 1) Filter Table Filter is default table for iptables. So, if you don’t define you own table, you’ll be using filter table. Iptables’s filter table has the following built-in chains. * INPUT chain – Incoming to firewall. For packets coming to the local server. * OUTPUT chain – Outgoing from firewall. For packets generated locally and going out of the local server. * FORWARD chain – Packet for another NIC on the local server. For packets routed through the local server. 2) NAT table Iptable’s NAT table has the following built-in chains. * PREROUTING chain – Alters packets before routing. i.e Packet translation happens immediately after the packet comes to the system (and before routing). This helps to translate the destination ip address of the packets to something that matches the routing on the local server. This is used for DNAT (destination NAT). * POSTROUTING chain – Alters packets after routing. i.e Packet translation happens when the packets are leaving the system. This helps to translate the source ip address of the packets to something that might match the routing on the desintation server. This is used for SNAT (source NAT). * OUTPUT chain – NAT for locally generated packets on the firewall. 3) Mangle table Iptables’s Mangle table is for specialized packet alteration. This alters QOS bits in the TCP header. Mangle table has the following built-in chains. @@ -30,7 +30,7 @@ Iptables’s Mangle table is for specialized packet alteration. This alters QOS * INPUT chain * POSTROUTING chain 4) Raw table Iptable’s Raw table is for configuration excemptions. Raw table has the following built-in chains. -
Jul 17, 2015 . 1 changed file with 35 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,5 +1,40 @@ # Linux NetFilter, IP Tables and Conntrack Diagrams ## IPTABLES TABLES and CHAINS ### IPTables has the following 4 built-in tables. 1. Filter Table Filter is default table for iptables. So, if you don’t define you own table, you’ll be using filter table. Iptables’s filter table has the following built-in chains. * INPUT chain – Incoming to firewall. For packets coming to the local server. * OUTPUT chain – Outgoing from firewall. For packets generated locally and going out of the local server. * FORWARD chain – Packet for another NIC on the local server. For packets routed through the local server. 2. NAT table Iptable’s NAT table has the following built-in chains. * PREROUTING chain – Alters packets before routing. i.e Packet translation happens immediately after the packet comes to the system (and before routing). This helps to translate the destination ip address of the packets to something that matches the routing on the local server. This is used for DNAT (destination NAT). * POSTROUTING chain – Alters packets after routing. i.e Packet translation happens when the packets are leaving the system. This helps to translate the source ip address of the packets to something that might match the routing on the desintation server. This is used for SNAT (source NAT). * OUTPUT chain – NAT for locally generated packets on the firewall. 3. Mangle table Iptables’s Mangle table is for specialized packet alteration. This alters QOS bits in the TCP header. Mangle table has the following built-in chains. * PREROUTING chain * OUTPUT chain * FORWARD chain * INPUT chain * POSTROUTING chain 4. Raw table Iptable’s Raw table is for configuration excemptions. Raw table has the following built-in chains.  ---  -
Jul 17, 2015 . 1 changed file with 6 additions and 6 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,5 +1,11 @@ # Linux NetFilter, IP Tables and Conntrack Diagrams  ---  ---  ---  ---  @@ -18,10 +24,4 @@ ---  ---  -
Jul 17, 2015 . 1 changed file with 11 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -3,14 +3,25 @@  ---  ---  ---  ---  ---  ---  ---  ---  ---  ---  ---  ---  -
Jul 17, 2015 . 1 changed file with 1 addition and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,6 +1,7 @@ # Linux NetFilter, IP Tables and Conntrack Diagrams  ---    -
Jul 17, 2015 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,15 @@ # Linux NetFilter, IP Tables and Conntrack Diagrams             
Brent Salisbury
revised
this gist