|
Linux comes with advanced tools for packet filtering — the process of controlling network packets as they enter, move through, and exit the network stack within the kernel. Pre-2.4 kernels relied on ipchains for packet filtering and used lists of rules applied to packets at each step of the filtering process. The introduction of the 2.4 kernel brought with it iptables (also called netfilter), which is similar to ipchains but greatly expands on the scope and control available for filtering network packets.
This chapter focuses on packet filtering basics, defines the differences between ipchains and iptables, explains various options available with iptables commands, and shows how filtering rules can be preserved between system reboots. If you require instructions for constructing iptables rules or setting up a firewall based on these rules, please see the “Additional Resources” section for more information.
Warning | The default firewall mechanism under the 2.4 kernel is iptables, but iptables cannot be used if ipchains is already running. If ipchains is present at boot time, the kernel will issue an error and fail to start iptables. The functionality of ipchains is not affected by these errors. |
|