iptables is a command-line firewall utility that uses the policy chains to allow or block the traffic. iptables is the rule-based firewall and it is pre-installed on most of Linux operating system. By default, it runs without any rules. Iptables uses a set of tables which have chains that contain set of built-in or user-defined rules.
IP tables (Linux Firewall) Tables and Chains:
IPTables has the following 4 types of tables.
a) Filter Table:
The filter table is one of the most widely used tables in iptables. The filter table is used to make decisions about whether packet continues to its destination or to deny its request. Iptables’s filter table has the following built-in chains.
INPUT chain: Incoming to the firewall. For packets coming to the local server.
OUTPUT chain: Outgoing from the firewall. For packets generated locally and going out of the local server.
FORWARD chain: Packet for another NIC on the local server. For packets routed through the local server.
To view the Filter table rules run the following command.
#iptables -t filter –list
# iptables –list
b) NAT Table:
The nat table is used to implement network address translation rules. A table that is consulted when a packet tries to create a new connection. This is often used to route packets to networks when direct access is not possible.
PREROUTING chain: It is used for altering a packet as soon as it’s received. This helps to translate the destination ip address of the packets to something that matches the routing on the local server.
POSTROUTING chain: It is used for altering packets as they are about to go out. This helps to translate the source ip address of the packets to something that might match the routing on the desintation server.
OUTPUT chain: It is used for locally generated packets on the firewall.
To view the NAT table rules run the following command.
# iptables -t nat –list
c) Mangle Table:
The mangle table is used to alter the IP headers of the packet in various ways. This alters QOS bits in the TCP header. Mangle table has the following built-in chains.
To view the Mangle table rules run the following command.
# iptables -t mangle –list
d) Raw Table:
The raw table has a very narrowly defined function. Its only purpose is to provide a mechanism for marking packets in order to opt-out of connection tracking.
To view, the Raw table rules run the following command.
# iptables -t raw –list
The rules in the iptables list command output contain the following fields:
num: Rule number within the particular chain
target: Special target variable that we discussed above
prot: Protocols. tcp, udp, icmp, etc.,
opt: Special options for that specific rule.
source: Source ip-address of the packet
destination: Destination IP-address for the packet