
Iptables – Easily Defining the Chains of Rules!

Iptables is a userspace application used to configure the IPv4 packet filtering ruleset of the Linux 2.4.x and 2.6.x kernels. It is primarily intended for the users administering a system.

Iptables is also used to configure Network Address Translation (NAT) in addition to the packet filter ruleset.

The iptables package also includes ip6tables, which is used to configure the IPv6 packet filter.

The package requires a kernel from the 2.4.x or 2.6.x release series. Iptables has several useful features, which are discussed below.

  • Iptables can list the contents of the packet filter ruleset
  • It lets the user add, remove, and modify rules in the packet filter ruleset
  • The system administrator can list and zero the per-rule counters of the packet filter ruleset

One of the main advantages of iptables is that it lets users define tables containing chains of rules. This gives the user considerable help in using the Linux packet filter effectively.

Further details about iptables are available in its user manual. Iptables supports a large number of rules, and each rule combines a match with a target that determines how a matching packet is processed.

ACCEPT means letting the packet through, and DROP means dropping the packet on the floor. QUEUE means passing the packet to user space. (How the packet is received by the user space process depends on the particular queue handler. 2.4.x and 2.6.x kernels up to 2.6.13 include the ip_queue queue handler.

Kernels 2.6.14 and later additionally include the nfnetlink_queue handler. In that case, packets with a target of QUEUE are sent to queue number '0'. See the NFQUEUE target, described later in the man page.)

RETURN means stop traversing this chain and resume at the next rule in the previous (calling) chain. If the end of a built-in chain is reached, or a rule in a built-in chain with the target RETURN is matched, the target specified by the chain policy decides the fate of the packet.

The command options specify the specific action to perform. Only one of them can be given on the command line, unless otherwise noted below. For all the long versions of the command and option names, you only need to use enough letters to ensure that iptables can distinguish it from all other options.
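To make the traversal rules above concrete, here is an added Python simulation (not code from the original article or from the iptables project) of how a packet walks a built-in chain, jumps into a user-defined chain, RETURNs to the calling chain, and falls back to the chain policy; the chain name "ssh-guard", the addresses and the sample packets are constructed for the illustration.

```python
"""Simulated iptables traversal: ACCEPT/DROP terminate, a jump enters a
user-defined chain, RETURN (or falling off the end of a user chain) resumes
at the next rule of the calling chain, and the built-in chain's policy
decides packets that reach the end of that chain. Counters track matches."""
from dataclasses import dataclass

@dataclass
class Rule:
    match: dict      # packet attributes that must all be equal for a match
    target: str      # ACCEPT, DROP, RETURN, or the name of a chain to jump to
    packets: int = 0 # per-rule packet counter, as shown by iptables -L -v

class Filter:
    def __init__(self):
        self.chains = {}  # chain name -> list of Rule
        self.policy = {}  # built-in chain name -> ACCEPT or DROP

    def new_chain(self, name, policy=None):
        self.chains[name] = []
        if policy:       # only built-in chains carry a policy
            self.policy[name] = policy

    def append(self, chain, match, target):
        self.chains[chain].append(Rule(match, target))

    def zero(self):      # equivalent of zeroing the per-rule counters
        for rules in self.chains.values():
            for rule in rules:
                rule.packets = 0

    def _walk(self, chain, pkt):
        for rule in self.chains[chain]:
            if all(pkt.get(k) == v for k, v in rule.match.items()):
                rule.packets += 1
                if rule.target in ("ACCEPT", "DROP"):
                    return rule.target            # terminating verdict
                if rule.target == "RETURN":
                    return None                   # back to the caller
                verdict = self._walk(rule.target, pkt)  # jump to user chain
                if verdict is not None:
                    return verdict
        return None  # end of chain reached without a verdict

    def verdict(self, chain, pkt):
        result = self._walk(chain, pkt)
        return result if result is not None else self.policy[chain]

def demo():
    fw = Filter()
    fw.new_chain("INPUT", policy="DROP")           # built-in chain, default DROP
    fw.new_chain("ssh-guard")                      # constructed user-defined chain
    fw.append("ssh-guard", {"src": "10.0.0.5"}, "DROP")
    fw.append("ssh-guard", {}, "RETURN")           # everything else goes back
    fw.append("INPUT", {"proto": "tcp", "dport": 22}, "ssh-guard")
    fw.append("INPUT", {"proto": "tcp", "dport": 22}, "ACCEPT")
    fw.append("INPUT", {"proto": "icmp"}, "ACCEPT")
    pkts = [{"src": "10.0.0.5", "proto": "tcp", "dport": 22},   # dropped in ssh-guard
            {"src": "10.0.0.9", "proto": "tcp", "dport": 22},   # RETURN, then ACCEPT
            {"src": "10.0.0.9", "proto": "tcp", "dport": 80}]   # policy DROP
    return fw, [fw.verdict("INPUT", p) for p in pkts]
```

Running demo() yields the verdicts DROP, ACCEPT, DROP for the three constructed packets, and the counters show which rules each packet touched on its way.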
