firewall for linux, firewall is script or packet software for protect your network or server from attack from other network. iptables is powerfull packet software on linux for firewall. iptables preserves the basic ideas introduced with ipfwadm: lists of rules each of which specified what to match within a packet, and what to do with such a packet.
iptables extended this further into tables: one table was consulted when deciding whether to NAT a packet, and another consulted when deciding how to filter a packet. In addition, the three filtering points in a packet's journey were altered such that any packet only passes through one filtering point. basic filtering with iptables is with chain below:
“PREROUTING”: all data Packets will in to this chain before a routing decision is made.
“INPUT”: all data Packet will deliver locally delivered. It does't have anything to do with processes having a socket open. Local delivery is controlled by the “local-delivery” routing table: `ip route show table local`.)
“FORWARD”: All data packets that have been routed and not for local delivery will traverse this chain.
“OUTPUT”: all data Packets sent from the system itself and will be visiting this chain rule.
“POSTROUTING”: Routing decision has been made and all Packets enter this chain just before handing them off to the hardware.
Each rule in a chain contains the specification of which packets it matches. It may also contain a target (used for extensions) or verdict (one of the built-in decisions). As a packet traverses a chain, each rule in turn is examined. If a rule does not match the packet, the packet is passed to the next rule
iptables extended this further into tables: one table was consulted when deciding whether to NAT a packet, and another consulted when deciding how to filter a packet. In addition, the three filtering points in a packet's journey were altered such that any packet only passes through one filtering point. basic filtering with iptables is with chain below:
“PREROUTING”: all data Packets will in to this chain before a routing decision is made.
“INPUT”: all data Packet will deliver locally delivered. It does't have anything to do with processes having a socket open. Local delivery is controlled by the “local-delivery” routing table: `ip route show table local`.)
“FORWARD”: All data packets that have been routed and not for local delivery will traverse this chain.
“OUTPUT”: all data Packets sent from the system itself and will be visiting this chain rule.
“POSTROUTING”: Routing decision has been made and all Packets enter this chain just before handing them off to the hardware.
Each rule in a chain contains the specification of which packets it matches. It may also contain a target (used for extensions) or verdict (one of the built-in decisions). As a packet traverses a chain, each rule in turn is examined. If a rule does not match the packet, the packet is passed to the next rule
0 komentar:
Posting Komentar