

IPTABLES(8) iptables 1.8.8 IPTABLES(8)

NAME

iptables/ip6tables - administration tool for IPv4/IPv6 packet

iptables -P chain target
iptables -E old-chain-name new-chain-name

target = -j targetname

DESCRIPTION

Iptables and ip6tables are used to set up, maintain, and inspect the tables of IPv4 and IPv6 packet filter rules in the Linux kernel. Each table contains a number of built-in chains and may also contain user-defined chains.

Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a `target', which may be a jump to a user-defined chain.

A firewall rule specifies criteria for a packet and a target. If the packet does not match, the next rule in the chain is examined; if it does match, then the next rule is specified by the value of the target, which can be the name of a user-defined chain, one of the targets described in iptables-extensions(8), or one of the special values ACCEPT, DROP or RETURN.

ACCEPT means to let the packet through. RETURN means stop traversing this chain and resume at the next rule in the previous (calling) chain. If the end of a built-in chain is reached or a rule in a built-in chain with target RETURN is matched, the target specified by the chain policy determines the fate of the packet.

There are currently five independent tables (which tables are present at any time depends on the kernel configuration options).

This option specifies the packet matching table which the command should operate on. With automatic module loading, an attempt will be made to load the appropriate module for that table if it is not

This is the default table (if no -t option is passed). It contains the built-in chains INPUT (for packets destined to local sockets), FORWARD (for packets being routed through the box), and OUTPUT (for locally-generated packets).

This table is consulted when a packet that creates a

It consists of four built-ins: PREROUTING (for altering packets as soon as they come in), INPUT (for altering packets destined for local sockets), OUTPUT (for altering locally-generated packets before routing), and POSTROUTING (for altering packets as they are about to go out). IPv6 NAT support is available since kernel 3.7.

This table is used for specialized packet alteration. Until kernel 2.4.17 it had two built-in chains: PREROUTING (for altering incoming packets before routing) and OUTPUT (for altering locally-generated packets before routing). Other built-in chains are also supported: INPUT (for packets coming into the box itself), FORWARD (for altering packets being routed through the box), and POSTROUTING (for altering packets as they are about to go out).
