Introduction to iptables on Linux
Netfilter: the Linux kernel's network packet processing subsystem.
iptables: the command used to configure Netfilter. Version 2.4 Linux kernel and a few of 2.6.
Netfilter and iptables are tightly coupled, so "iptables" will be used to refer to either or both of them.
The iptables architecture groups network packet processing rules by function into tables. Tables hold chains, chains hold rules, and each rule consists of matches and targets.
Operates at OSI Layer 3 (Network).
Tables
Filter table: used to set policies for the type of traffic allowed into, through, and out of the computer.
NAT table: used with connection tracking to redirect connections for network address translation, which is the modification of the addresses and/or ports of network packets as they pass through a computer.
Helper modules: NAT allows plug-in modules to help handle packets for protocols that embed addresses within the data being exchanged. The user needs to run the modprobe command to install the kernel modules: nat_amanda, nat_ftp, nat_irc, nat_snmp_basic, nat_tftp.
Mangle table: used for specialized packet alteration.
Concepts
Defines 5 hook points (chains):
PREROUTING: packets arrive from a network interface
FORWARD: packets flow through a gateway computer
INPUT: before packets are delivered to a local process
not be associated with FT
POSTROUTING: before packets leave a network interface
OUTPUT: after packets are generated by a local process
Chains
The user can create his own chains to organize his rules. A chain's policy determines the fate of packets that reach the end of the chain without otherwise being sent to a specific target. All user-defined chains have an implicit policy of RETURN that cannot be changed. The user can add a rule to the end of the chain that matches all packets, with any target he likes.
If the packet does not match the rule's criteria, the packet moves to the next rule in the chain. If a packet reaches the last rule in a chain and still does not match, the chain's policy is applied to it.
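The traversal rules described above, as an added example that is not part of the original document: a small Python model (not kernel code) of how a packet moves through a built-in chain, jumps into a user-defined chain, falls back through the implicit RETURN, and finally meets the built-in chain's policy. The chain name tcp_in, the sample rules and the sample packets are constructed for illustration.

```python
# Simplified model of iptables rule traversal (illustration, not kernel code).
# A rule is (match_function, target). A target is ACCEPT, DROP, RETURN,
# or the name of a user-defined chain to jump to.
TERMINAL = {"ACCEPT", "DROP"}

# Constructed sample ruleset; "tcp_in" is a hypothetical user-defined chain.
CHAINS = {
    "INPUT": [
        (lambda p: p["state"] == "ESTABLISHED", "ACCEPT"),
        (lambda p: p["proto"] == "tcp", "tcp_in"),
        (lambda p: p["proto"] == "icmp", "ACCEPT"),
    ],
    "tcp_in": [
        (lambda p: p["dport"] == 22 and p["src"].startswith("10."), "ACCEPT"),
        (lambda p: p["dport"] == 23, "DROP"),
        # No catch-all rule here, so unmatched packets take the implicit RETURN.
    ],
}

def packet(proto, dport=0, src="192.0.2.7", state="NEW"):
    """Build a constructed sample packet."""
    return {"proto": proto, "dport": dport, "src": src, "state": state}

def traverse(chain, pkt, trace):
    """Present pkt to each rule in order; return a verdict or None (RETURN)."""
    for number, (match, target) in enumerate(CHAINS[chain], start=1):
        if not match(pkt):
            continue  # criteria not met: move to the next rule
        trace.append(f"{chain}#{number}->{target}")
        if target in TERMINAL:
            return target
        if target == "RETURN":
            return None
        verdict = traverse(target, pkt, trace)  # jump into user-defined chain
        if verdict is not None:
            return verdict
        # The user-defined chain returned: continue after the jump rule.
    return None  # reached the end of the chain without a verdict

def verdict_for(pkt, policy="DROP", chain="INPUT"):
    """Return (verdict, trace); the built-in chain's policy is the fallback."""
    trace = []
    verdict = traverse(chain, pkt, trace)
    if verdict is None:
        verdict = policy
        trace.append(f"{chain} policy->{policy}")
    return verdict, trace

if __name__ == "__main__":
    for p in (packet("tcp", 22, "10.0.0.5"), packet("tcp", 8080), packet("icmp")):
        print(p, verdict_for(p), verdict_for(p, policy="ACCEPT")[0])
```

The TCP packet to port 8080 matches nothing in tcp_in, returns to INPUT and is decided only by the policy, so the same ruleset drops it under a DROP policy and lets it in under an ACCEPT policy.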
packet flow
and are presented to the chains’ rules one at a...