IP filtering firewalls (iptables)

  • Packet filtering is implemented through Linux Kernel.
  • Linux network packet filtering tools: 
       Kernel 2.4 and 2.6:  iptables
   Kernel 2.2:          ipchains
   Kernel 2.0:          ipfwadm

    Chains for network packets: 
          INPUT
      OUTPUT
      FORWARD
    Chains are combined into tables: 
         filter (default)
     NAT
     mangle
    Each of the chains filters data packets based on
  • Source and Destination IP
  • Source and Destination Port number
  • Network interface
  • State of the packet
    Target for the rule: 
         ACCEPT
     DROP
     REJECT
     QUEUE
     RETURN
     LOG
    • FILTER TABLE



    Check iptables filter configuration:

    /sbin/iptables -L -t filter


    Reference: packet-filtering-HOWTO
    Previous Pageprevious First Pagetop Next Pagenext