IPtables
Ref : http://linux.die.net/man/8/iptables
Tables in IPtables :
- filter: This is the default table (if no -t option is passed).
  - INPUT (for packets destined to local sockets),
  - FORWARD (for packets being routed through the box),
  - OUTPUT (for locally-generated packets).
- nat: This table is consulted when a packet that creates a new connection is encountered.
  - PREROUTING (for altering packets as soon as they come in),
  - OUTPUT (for altering locally-generated packets before routing),
  - POSTROUTING (for altering packets as they are about to go out).
- mangle: This table is used for specialized packet alteration.
  - Until kernel 2.4.17 it had two built-in chains:
    - PREROUTING (for altering incoming packets before routing),
    - OUTPUT (for altering locally-generated packets before routing).
  - Since kernel 2.4.18, three other built-in chains are also supported:
    - INPUT (for packets coming into the box itself),
    - FORWARD (for altering packets being routed through the box),
    - POSTROUTING (for altering packets as they are about to go out).
- raw:
  - This table is used mainly for configuring exemptions from connection tracking in combination with the NOTRACK target.
  - It registers at the netfilter hooks with higher priority and is thus called before ip_conntrack, or any other IP tables.
  - It provides the following built-in chains:
    - PREROUTING (for packets arriving via any network interface),
    - OUTPUT (for packets generated by local processes).
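When auditing a ruleset it helps to read the chains in the order a packet meets them rather than table by table. The following is an added example, not part of the original notes or of iptables itself: it parses an iptables-save style dump and orders the chains listed above by packet path. The dump, interface names and ports are constructed, and the per-hook table order (raw, mangle, nat, filter) is the netfilter priority order, which goes slightly beyond what the notes state.

```python
# Added example: order the rules of an iptables-save dump by packet path.
# Per-hook table order is netfilter priority; only the chains listed above are modelled.
PRE = [("raw", "PREROUTING"), ("mangle", "PREROUTING"), ("nat", "PREROUTING")]
POST = [("mangle", "POSTROUTING"), ("nat", "POSTROUTING")]
PATHS = {
    "incoming": PRE + [("mangle", "INPUT"), ("filter", "INPUT")],
    "forwarded": PRE + [("mangle", "FORWARD"), ("filter", "FORWARD")] + POST,
    "outgoing": [(t, "OUTPUT") for t in ("raw", "mangle", "nat", "filter")] + POST,
}

SAMPLE = """\
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p udp --dport 53 -j NOTRACK
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
"""  # constructed dump, not taken from a real host

def parse(dump):
    """Map (table, chain) -> {"policy": ..., "rules": [...]}."""
    chains, table = {}, None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):          # "*filter" opens a table section
            table = line[1:]
        elif line.startswith(":"):        # ":INPUT DROP [0:0]" declares a chain
            name, policy = line[1:].split()[:2]
            chains[(table, name)] = {"policy": policy, "rules": []}
        elif line.startswith("-A "):      # rule appended to a declared chain
            chains[(table, line.split()[1])]["rules"].append(line)
    return chains

def traversal(dump, path):
    """List (table, chain, rule-or-policy) in traversal order; user chains are not expanded."""
    chains, seen = parse(dump), []
    for key in PATHS[path]:
        if key in chains:  # a table that is not loaded is never consulted
            seen += [key + (r,) for r in chains[key]["rules"]]
            seen.append(key + ("policy " + chains[key]["policy"],))
    return seen
```

Calling `traversal(SAMPLE, "forwarded")` shows the raw NOTRACK rule ahead of every nat and filter entry. The nat entries in the result apply only to the packet that creates a new connection, as noted for that table.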