Iptables; Packet Filtering - Red Hat ENTERPRISE LINUX 4.5.0 Reference Manual


Chapter 18. iptables

Included with Red Hat Enterprise Linux are advanced tools for network packet filtering — the process of controlling network packets as they enter, move through, and exit the network stack within the kernel. Kernel versions prior to 2.4 relied on ipchains for packet filtering and used lists of rules applied to packets at each step of the filtering process. The introduction of the 2.4 kernel brought with it iptables (also called netfilter), which is similar to ipchains but greatly expands the scope and control available for filtering network packets.

This chapter focuses on packet filtering basics, defines the differences between ipchains and iptables, explains various options available with iptables commands, and explains how filtering rules can be preserved between system reboots.

For instructions on constructing iptables rules or setting up a firewall based on these rules, refer to Section 7, "Additional Resources".

Warning

The default firewall mechanism under the 2.4 and newer kernels is iptables, but iptables cannot be used if ipchains is already running. If ipchains is present at boot time, the kernel issues an error and fails to start iptables. The functionality of ipchains is not affected by these errors.

1. Packet Filtering

The Linux kernel has the built-in ability to filter packets, allowing some of them to be received by or pass through the system while stopping others. The kernel's netfilter has three built-in tables or rules lists. They are as follows:

filter — The default table for handling network packets.

nat — Used to alter packets that create a new connection and used for Network Address Translation (NAT).

mangle — Used for specific types of packet alteration.

Tip

In addition to these built-in tables, specialized tables can be created and stored in the /lib/modules/<kernel-version>/kernel/net/ipv4/netfilter/ directory (where <kernel-version> corresponds to the kernel version number).
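As an added example that is not part of the manual, the POSIX shell script below parses a constructed iptables-save dump covering the three built-in tables (filter, nat, mangle) and reports, per table, how many rules it holds and which filter chains fall through to an ACCEPT policy when no rule matches. The dump and the helper functions are assumptions made for illustration, not Red Hat's own tooling; on a live system the same functions work on the output of iptables-save.

```shell
#!/bin/sh
# Constructed iptables-save output (not captured from a real host) with the
# three built-in tables the chapter describes: filter, nat and mangle.
RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# chain_policy TABLE CHAIN -> prints the chain's default policy, or nothing if absent.
# A "*name" line opens a table; a ":CHAIN POLICY [pkts:bytes]" line declares a chain.
chain_policy() {
    printf '%s\n' "$RULES" | awk -v t="$1" -v c="$2" '
        /^\*/ { cur = substr($0, 2); next }
        /^:/ && cur == t { if (substr($1, 2) == c) print $2 }'
}

# rule_count TABLE -> number of "-A" rules loaded into that table.
rule_count() {
    printf '%s\n' "$RULES" | awk -v t="$1" '
        /^\*/ { cur = substr($0, 2); next }
        /^-A / && cur == t { n++ }
        END { print n + 0 }'
}

# permissive_filter_chains -> filter chains whose policy is ACCEPT, i.e. chains
# where a packet matched by no rule is let through (a default worth reviewing).
permissive_filter_chains() {
    printf '%s\n' "$RULES" | awk '
        /^\*/ { cur = substr($0, 2); next }
        /^:/ && cur == "filter" && $2 == "ACCEPT" { out = out (out ? " " : "") substr($1, 2) }
        END { print out }'
}

for t in filter nat mangle; do
    echo "$t: $(rule_count "$t") rule(s)"
done
echo "filter chains with ACCEPT policy: $(permissive_filter_chains)"
```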