Chapter Summary

Previous page
Table of content
Next page

The iptables utility creates firewalls intended to prevent unauthorized access to a system or network. An iptables command sets up or maintains in the kernel rules that control the flow of network packets; rules are stored in chains. Each rule has a criteria part and an action part, called a target. When the criteria part matches a network packet, the kernel applies the action from the rule to the packet.

Chains are collected in three tables: Filter, NAT, and Mangle. Filter, the default table, DROPs or ACCEPTs packets based on their content. NAT, the Network Address Translation table, translates the source or destination field of packets. Mangle is used exclusively to alter TOS (type of service), TTL (time to live), and MARK fields in a packet. The connection tracking machine, which is handled by the conntrack module, defines rules that match criteria based on the state of the connection a packet is part of.

In an emergency you can give the following command to unload all iptables modules from the kernel and set a policy of DROP for all tables:

# /sbin/service iptables panic




Previous page
Table of content
Next page
A Practical Guide to Red Hat Linux
A Practical Guide to Red HatВ® LinuxВ®: Fedoraв„ў Core and Red Hat Enterprise Linux (3rd Edition)
ISBN: 0132280272
EAN: 2147483647
Year: 2006
Pages: 383
Authors: Mark G. Sobell
BUY ON AMAZON
SQL Tips & Techniques (Miscellaneous)
A Practitioners Guide to Software Test Design
C++ GUI Programming with Qt 3
PostgreSQL(c) The comprehensive guide to building, programming, and administering PostgreSQL databases
Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
Cultural Imperative: Global Trends in the 21st Century
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy