Linux iptables Pocket Reference
Gregor N. Purdy
Editor
Andy Oram

Copyright 2009 O'Reilly Media, Inc.

O'Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles.

Nutshell Handbook, the Nutshell Handbook logo, and the O'Reilly logo are registered trademarks of O'Reilly Media, Inc. The Pocket Reference / Pocket Guide series designations, Linux iptables Pocket Reference, the image of two cowboys in a doorway, and related trade dress are trademarks of O'Reilly Media, Inc.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O'Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps.

While every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.


O'Reilly Media

Dedication

This book is dedicated to the memory of my brother W. Scott Purdy (1969-1995)

Chapter 1. Linux iptables Pocket Reference
Introduction

The Linux kernel's network packet processing subsystem is called Netfilter, and iptables is the command used to configure it. This book covers the iptables user-space utilities, Version 1.2.7a, which use the Netfilter framework in Linux kernel version 2.4; most of the material also applies to 2.6. Because Netfilter and iptables are tightly coupled, I will use "iptables" to refer to either or both of them throughout this book.

The iptables architecture groups network packet processing rules into tables by function (packet filtering, network address translation, and other packet mangling), each of which has chains (sequences) of processing rules. A rule consists of matches (which determine the packets the rule applies to) and a target (which determines what is done with the matching packets).

iptables operates at OSI Layer 3 (Network): its hook points sit in the IP stack, although many of its matches (such as --dport) also inspect Layer 4 headers. For OSI Layer 2 (Link), there are other technologies such as ebtables (Ethernet Bridge Tables). See http://ebtables.sourceforge.net/ for more information.

An Example Command

Here is a sample iptables command:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.3:8080

Table 1-1 shows what this sample iptables command means.

Table 1-1. Decomposed example iptables command arguments

Component                          Description
-t nat                             Operate on the nat table...
-A PREROUTING                      ... by appending the following rule to its PREROUTING chain.
-i eth1                            Match packets coming in on the eth1 network interface...
-p tcp                             ... that use the tcp (TCP/IP) protocol
--dport 80                         ... and whose destination port is 80 (the port as the packet arrives, before any translation).
-j DNAT                            Jump to the DNAT target...
--to-destination 192.168.1.3:8080  ... and change the destination address to 192.168.1.3 and the destination port to 8080.
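To make the decomposition in Table 1-1 mechanical, here is an added example (not code from the book or from the iptables project) that splits an iptables command line into table, command, chain, matches, target and target options, and refuses the combinations iptables itself refuses: a port option without a preceding -p tcp or -p udp, and a built-in chain name used with a table that has no chain at that hook point, such as a POSTROUTING rule in the filter table. The chain map, the restricted set of options it understands and the sample command lines are this example's assumptions.

```python
"""Decompose an iptables command line into the components of Table 1-1 and
reject table/chain pairs that iptables itself refuses.

Added example, not code from the book. The chain map below is this example's
assumption about the built-in tables of iptables 1.2.x on Linux 2.4."""
import shlex

# Built-in chains (hook points) of each built-in table (assumed, see above).
BUILTIN_CHAINS = {
    "filter": {"INPUT", "FORWARD", "OUTPUT"},
    "nat": {"PREROUTING", "OUTPUT", "POSTROUTING"},
    "mangle": {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"},
}
HOOKS = set().union(*BUILTIN_CHAINS.values())

# Rule-editing commands that are followed by a chain name.
CHAIN_COMMANDS = {"-A": "append", "-I": "insert", "-D": "delete", "-R": "replace"}

# The match options this example understands, with wording in the style of
# Table 1-1; real iptables accepts many more (and long forms of these).
MATCH_OPTS = {
    "-i": "coming in on the {v} network interface",
    "-o": "going out on the {v} network interface",
    "-p": "that use the {v} protocol",
    "-s": "from source address {v}",
    "-d": "to destination address {v}",
    "--sport": "with source port {v}",
    "--dport": "with destination port {v}",
}
PORT_OPTS = {"--sport", "--dport"}


def decompose(cmdline):
    """Return a dict with table, command, chain, matches, target and
    target_opts for one command line; raise ValueError where iptables would."""
    argv = shlex.split(cmdline)
    if not argv or argv[0] != "iptables":
        raise ValueError("expected a command line starting with 'iptables'")

    def value_after(i):
        if i + 1 >= len(argv):
            raise ValueError(f"option {argv[i]} needs a value")
        return argv[i + 1]

    rule = {"table": "filter", "command": None, "chain": None,
            "matches": [], "target": None, "target_opts": {}}
    protocol = None
    i = 1
    while i < len(argv):
        tok = argv[i]
        if tok in ("-t", "--table"):
            rule["table"] = value_after(i)
            i += 2
        elif tok in CHAIN_COMMANDS:
            rule["command"], rule["chain"] = CHAIN_COMMANDS[tok], value_after(i)
            i += 2
        elif tok in ("-j", "--jump"):
            rule["target"] = value_after(i)
            i += 2
        elif rule["target"] is not None:
            # Options after -j belong to the target, e.g. --to-destination for DNAT.
            has_value = i + 1 < len(argv) and not argv[i + 1].startswith("-")
            rule["target_opts"][tok] = argv[i + 1] if has_value else True
            i += 2 if has_value else 1
        elif tok in MATCH_OPTS:
            value = value_after(i)
            if tok == "-p":
                protocol = value
            if tok in PORT_OPTS and protocol not in ("tcp", "udp"):
                # Port options come from the tcp/udp match, which -p must load first.
                raise ValueError(f"{tok} requires -p tcp or -p udp earlier on the line")
            rule["matches"].append((tok, value, MATCH_OPTS[tok].format(v=value)))
            i += 2
        else:
            raise ValueError(f"unrecognised option {tok!r}")

    if rule["chain"] is None or rule["target"] is None:
        raise ValueError("a rule needs a chain command (-A/-I/-D/-R) and a -j target")
    if rule["table"] not in BUILTIN_CHAINS:
        raise ValueError(f"unknown table {rule['table']!r}")
    if rule["chain"] in HOOKS and rule["chain"] not in BUILTIN_CHAINS[rule["table"]]:
        # e.g. -t filter -A POSTROUTING: that hook point has no filter chain.
        raise ValueError(f"{rule['chain']} is not a chain of the {rule['table']} table")
    return rule


def explain(rule):
    """Render the decomposition as the right-hand column of Table 1-1."""
    lines = [f"Operate on the {rule['table']} table, {rule['command']} a rule to its {rule['chain']} chain."]
    lines += [f"Match packets {text}." for _, _, text in rule["matches"]]
    lines.append(f"Jump to the {rule['target']} target.")
    lines += [f"Target option {opt} = {val}." for opt, val in rule["target_opts"].items()]
    return lines
```

Chain names that are not one of the five hook points are passed through as user-defined chains, since iptables accepts those in any table; the example only checks the built-in names, where the table/chain pairing is fixed.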

Concepts

iptables defines five "hook points" in the kernel's packet processing pathways: PREROUTING, INPUT, FORWARD, POSTROUTING and OUTPUT. Built-in chains are attached to these hook points; you can add a sequence of rules for each hook point. Each rule represents an opportunity to affect or monitor packet flow.

Tip

It is common to refer to "the PREROUTING chain of the nat table," which implies that chains belong to tables. However, chains and tables are only partially correlated, and neither really "belongs" to the other. Chains represent hook points in the packet flow, and tables represent the types of processing that can occur. Figures 1-1 through 1-3 show all the legal combinations, and the order in which they are encountered by packets flowing through the system.

Figure 1-1 shows how packets traverse the system for network address translation. These are the chains for the nat table.

Figure 1-1. Network packet flow and hook points for NAT

Figure 1-2 shows how packets traverse the system for packet filtering. These are the chains for the filter table.

Figure 1-2. Network packet flow and hook points for filtering

Figure 1-3 shows how packets traverse the system for packet mangling. These are the chains for the mangle table.

Figure 1-3. Network packet flow and hook points for mangling

Table 1-2 shows the five hook points and describes the points in the packet flow where you can specify processing.

Table 1-2. Hook points

Hook          Allows you to process packets...
FORWARD       ... that flow through a gateway computer, coming in one interface and going right back out another.
INPUT         ... just before they are delivered to a local process.
OUTPUT        ... just after they are generated by a local process.
POSTROUTING   ... just before they leave a network interface.
PREROUTING    ... just as they arrive from a network interface (after dropping any packets resulting from the interface being in promiscuous mode and after checksum validation).

Tip

For the curious, the hook points are defined in the kernel header file /usr/include/linux/netfilter_ipv4.h with names like NF_IP_FORWARD, NF_IP_LOCAL_{IN,OUT}, and NF_IP_{PRE,POST}_ROUTING.

Your choice of chain will be based on where in the packet lifecycle you need to apply your rules. For example, if you want to filter outgoing packets, it is best to do so in the OUTPUT chain because the POSTROUTING chain is not associated with the filter table.
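To make the traversal order of Figures 1-1 through 1-3 and Table 1-2 concrete, the following added example (not code from the book or from the iptables project) walks a packet through the hook points in the order it meets them, consulting at each hook the tables that have a chain there, and answers the question of which chains of a given table can see a given kind of traffic (for outgoing packets, only OUTPUT in the filter table). It also shows the check a practitioner wants after the DNAT command of Table 1-1: the destination is rewritten in PREROUTING, before the routing decision, so the filter table's FORWARD chain sees the translated address, and a FORWARD rule written for the original address silently drops the redirected traffic. The hook/table ordering, the gateway addresses, the rule sets and the sample packets are this example's constructed assumptions; unlike the real nat table, which sees only the first packet of a connection, this model consults nat for every packet.

```python
"""Walk a packet through the hook points in the order of Figures 1-1 to 1-3
and Table 1-2, consulting the tables that have a chain at each hook.

Added example, not code from the book. The hook order and the per-hook table
order are this example's model of iptables 1.2.x on Linux 2.4; the real nat
table is consulted only for the first packet of a connection, which this
toy ignores."""

# Hook points in the order a packet on each path meets them.
PATHS = {
    "incoming-local": ["PREROUTING", "INPUT"],
    "forwarded": ["PREROUTING", "FORWARD", "POSTROUTING"],
    "outgoing-local": ["OUTPUT", "POSTROUTING"],
}

# Tables that have a chain at each hook, in the order the kernel consults them
# (mangle first, nat before filter where both exist).
TABLES_AT_HOOK = {
    "PREROUTING": ["mangle", "nat"],
    "INPUT": ["mangle", "filter"],
    "FORWARD": ["mangle", "filter"],
    "OUTPUT": ["mangle", "nat", "filter"],
    "POSTROUTING": ["mangle", "nat"],
}


def traversal(path):
    """(table, chain) pairs a packet on `path` passes through, in order."""
    return [(table, hook) for hook in PATHS[path] for table in TABLES_AT_HOOK[hook]]


def chains_for(table, path):
    """Chains of `table` where a rule can see packets on `path`."""
    return [hook for t, hook in traversal(path) if t == table]


def run_chain(rules, table, chain, pkt):
    """First matching rule wins. DNAT rewrites the packet and lets it continue;
    a chain with no matching rule falls through to an assumed ACCEPT policy."""
    for r in rules:
        if r["table"] == table and r["chain"] == chain and r["match"](pkt):
            if r["target"] == "DNAT":
                pkt["dst"], pkt["dport"] = r["to"]
                return "ACCEPT"
            return r["target"]
    return "ACCEPT"


def process(rules, pkt, local_addrs):
    """Return (verdict, trail of (table, chain) visited). The routing decision
    is taken after PREROUTING, so a DNAT there decides INPUT versus FORWARD."""
    trail = []

    def hook(name):
        for table in TABLES_AT_HOOK[name]:
            trail.append((table, name))
            if run_chain(rules, table, name, pkt) == "DROP":
                return "DROP"
        return "ACCEPT"

    if pkt["in"] is None:                     # locally generated packet
        hooks = PATHS["outgoing-local"]
    else:
        if hook("PREROUTING") == "DROP":
            return "DROP", trail
        # Routing decision on the (possibly rewritten) destination.
        hooks = ["INPUT"] if pkt["dst"] in local_addrs else ["FORWARD", "POSTROUTING"]
    for h in hooks:
        if hook(h) == "DROP":
            return "DROP", trail
    return "ACCEPT", trail


# Constructed gateway: 203.0.113.10 on eth1 (outside), 192.168.1.1 on eth0 (inside).
LOCAL_ADDRS = {"203.0.113.10", "192.168.1.1"}

# The book's sample DNAT rule plus a FORWARD rule that accepts the *translated*
# destination, which is what the filter table sees after PREROUTING.
GOOD_RULES = [
    {"table": "nat", "chain": "PREROUTING", "target": "DNAT", "to": ("192.168.1.3", 8080),
     "match": lambda p: p["in"] == "eth1" and p["proto"] == "tcp" and p["dport"] == 80},
    {"table": "filter", "chain": "FORWARD", "target": "ACCEPT",
     "match": lambda p: p["dst"] == "192.168.1.3" and p["dport"] == 8080},
    {"table": "filter", "chain": "FORWARD", "target": "DROP", "match": lambda p: True},
]

# Common mistake: the FORWARD rule is written for the pre-NAT address and port.
BAD_RULES = [
    GOOD_RULES[0],
    {"table": "filter", "chain": "FORWARD", "target": "ACCEPT",
     "match": lambda p: p["dst"] == "203.0.113.10" and p["dport"] == 80},
    GOOD_RULES[2],
]


def web_request():
    """Constructed inbound packet: a client on eth1 reaching the gateway's
    public address on port 80."""
    return {"in": "eth1", "proto": "tcp", "dst": "203.0.113.10", "dport": 80}
```

Running process(GOOD_RULES, web_request(), LOCAL_ADDRS) returns ACCEPT with the packet rewritten to 192.168.1.3:8080 and a trail equal to traversal("forwarded"); the same packet under BAD_RULES is dropped in the filter table's FORWARD chain, because that chain never sees the original 203.0.113.10:80 destination.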

Tables

iptables comes with three built-in tables:
