standardmaio.blogg.se

Centos iptables










CentOS has an extremely powerful firewall built in, commonly referred to as iptables, but more accurately it is iptables/netfilter. Iptables is the userspace module, the bit that you, the user, interact with at the command line to enter firewall rules into predefined tables. Netfilter is a kernel module, built into the kernel, that actually does the filtering. There are many GUI front ends for iptables that allow users to add or define rules based on a point and click user interface, but these often lack the flexibility of using the command line interface and limit the user's understanding of what's really happening. We're going to learn the command line interface of iptables.

Before we can really get to grips with iptables, we need to have at least a basic understanding of the way it works. Iptables uses the concept of IP addresses, protocols (tcp, udp, icmp) and ports. We don't need to be experts in these to get started (as we can look up any of the information we need), but it helps to have a general understanding.

Iptables places rules into predefined chains (INPUT, OUTPUT and FORWARD) that are checked against any network traffic (IP packets) relevant to those chains and a decision is made about what to do with each packet based upon the outcome of those rules. These actions are referred to as targets, of which the two most common predefined targets are DROP to drop a packet or ACCEPT to accept a packet.

These are 3 predefined chains in the filter table to which we can add rules for processing IP packets passing through those chains:

  • INPUT - All packets destined for the host computer.
  • OUTPUT - All packets originating from the host computer.
  • FORWARD - All packets neither destined for nor originating from the host computer, but passing through (routed by) the host computer.
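The chain selection and ACCEPT/DROP decision described above can be modelled in a few lines of Python. This is an added example, not code from the original page or from netfilter: the host address, the sample rules and the names Packet, Rule, chain_for and verdict are constructed for illustration. It goes one step beyond the text by showing that rules are checked in order and that the chain's default policy applies when no rule matches.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed: the address owned by the firewall host (documentation range).
HOST_ADDRS = {ip_address("192.0.2.10")}

@dataclass
class Packet:
    src: str
    dst: str
    proto: str                     # "tcp", "udp" or "icmp"
    dport: Optional[int] = None

@dataclass
class Rule:
    target: str                    # "ACCEPT" or "DROP"
    src: str = "0.0.0.0/0"         # source network, like -s
    proto: Optional[str] = None    # protocol, like -p
    dport: Optional[int] = None    # destination port, like --dport

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport))

def chain_for(p: Packet) -> str:
    """Choose the chain by destination/origin (loopback traffic is ignored here)."""
    if ip_address(p.dst) in HOST_ADDRS:
        return "INPUT"
    if ip_address(p.src) in HOST_ADDRS:
        return "OUTPUT"
    return "FORWARD"

def verdict(p: Packet, chains: dict, policies: dict) -> tuple:
    """Walk the chain in order: the first matching rule decides, else the policy."""
    chain = chain_for(p)
    for rule in chains[chain]:
        if rule.matches(p):
            return chain, rule.target
    return chain, policies[chain]

# Constructed sample ruleset: block one network, then allow SSH and ICMP.
CHAINS = {
    "INPUT": [Rule("DROP", src="203.0.113.0/24"),
              Rule("ACCEPT", proto="tcp", dport=22),
              Rule("ACCEPT", proto="icmp")],
    "OUTPUT": [], "FORWARD": [],
}
POLICIES = {"INPUT": "DROP", "OUTPUT": "ACCEPT", "FORWARD": "DROP"}
```

A packet from 203.0.113.5 to port 22 is dropped even though a later rule accepts SSH, because the DROP rule is reached first; rule order is part of the policy.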











