
Tiesse Imola LX 5200 User Manual

376 pages
Firewall functions: IPTABLES
USER GUIDE
168
FIREWALL FUNCTIONS: IPTABLES
INTRODUCTION
The Imola command iptables is an advanced tool for network packet filtering: it inspects
packets entering, transiting and leaving the router. It provides the following functions:
Firewall, both stateless and stateful
Network Address Translation (NAT), both static and dynamic
Alteration and marking of packets (mangle)
Accounting and logging of packets
Port forwarding
Load balancing
TABLES, CHAINS, RULES AND TARGET
iptables groups the rules for packet processing into tables. There are three default tables:
filter
Governs the firewall functions: it defines which packets will be accepted or blocked
nat
Governs natting activities (source-nat, destination-nat, pat)
mangle
Governs mechanisms for the modification of packets
Each table is composed of a group of predetermined chains (INPUT, OUTPUT, FORWARD,
PREROUTING, POSTROUTING). Customized chains can optionally be added. Each chain is
composed of a set of rules, each of which identifies network packets according to a match
criterion: protocol, IP address, service, etc. (e.g.: -p tcp --dport 80 -d 10.0.1.1).
Each rule ends with a target, which specifies what to do with the packets
identified (e.g. -j ACCEPT, -j DROP, -j LOG, ...).
The chains correspond to predetermined points (also known as hook points) in packet
processing: at these points the packet is examined against the rules of the chain, and the
target of a rule is executed if the match associated with that rule is satisfied.
The appropriate chains are used according to the type of table (filter, NAT or mangle). In particular,
filter functions use INPUT, FORWARD and OUTPUT chains, NAT functions use PREROUTING and
POSTROUTING chains, mangle functions can be used within any chain. The meaning of each chain is
described in the following paragraphs.
The generic syntax of the iptables command is as follows:
iptables -t table -[AD] chain rule-specification [options]
iptables -t table -[I] chain [rulenum] rule-specification [options]
iptables -t table -D chain rulenum [options]
iptables -t table -[L] [chain] [options]
where the following parameters are specified: reference table (-t NAT table), adding or deleting the
rule within the chain (-A chain, -D chain, -I chain), rule for matching packets and action (target) to
be executed.
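The table/chain pairing and the command syntax described above can be checked mechanically before a rule set is loaded. The following is an added example, not part of the Tiesse manual: the function name lint and the sample commands are constructed for illustration, and treating filter as the table used when -t is omitted is an assumption taken from standard Linux iptables.

```python
import shlex

# Table -> built-in chains, as assigned by the manual section above.
BUILTIN = {"INPUT", "OUTPUT", "FORWARD", "PREROUTING", "POSTROUTING"}
ALLOWED = {
    "filter": {"INPUT", "FORWARD", "OUTPUT"},
    "nat": {"PREROUTING", "POSTROUTING"},
    "mangle": BUILTIN,
}
OPS = {"-A", "-D", "-I", "-L"}

def lint(line):
    """Return a list of problems found in one iptables command line."""
    words = shlex.split(line)
    if not words or words[0] != "iptables":
        return ["not an iptables command"]
    args = words[1:]
    table = "filter"  # assumption: default table when -t is omitted
    if "-t" in args:
        i = args.index("-t")
        if i + 1 >= len(args):
            return ["-t given without a table name"]
        table = args[i + 1]
        del args[i:i + 2]
    if table not in ALLOWED:
        return [f"unknown table {table!r}"]
    ops = [a for a in args if a in OPS]
    if len(ops) != 1:
        return ["expected exactly one of -A, -D, -I, -L"]
    op, pos = ops[0], args.index(ops[0])
    nxt = args[pos + 1] if pos + 1 < len(args) else "-"
    chain = None if nxt.startswith("-") else nxt
    problems = []
    if chain is None and op != "-L":
        problems.append(f"{op} requires a chain")
    elif chain in BUILTIN and chain not in ALLOWED[table]:
        problems.append(f"chain {chain} is not used by table {table}")
    if op in ("-A", "-I") and "-j" not in args:  # new rules need a target
        problems.append("rule has no target (-j)")
    return problems

# Constructed sample commands (not from the manual).
SAMPLE = [
    "iptables -t filter -A FORWARD -p tcp --dport 80 -d 10.0.1.1 -j ACCEPT",
    "iptables -t nat -A INPUT -p tcp --dport 80 -j ACCEPT",
    "iptables -A INPUT -p tcp --dport 23",
]
if __name__ == "__main__":
    for cmd in SAMPLE:
        print(cmd, "->", lint(cmd) or "ok")
```

Custom chain names are accepted with any table, since the manual allows customized chains to be added.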
The command:
