chains in iptables
tags: learning networking linux
what’s a chain in iptables?
"Each chain is a list of rules, which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a target, which may be a jump to a user-defined chain in the same table." → man iptables
- a chain in iptables is just a list of rules (whatever you call it: a list of rules, a table of rules, a chain of rules)
- the rules are processed in order
- there are built-in chains, which live in the built-in tables (filter, NAT, etc.)
- there are also user-defined ones, like the KUBE chains
filter chains:
- the default table; it contains the default chains INPUT, FORWARD, OUTPUT
- INPUT: incoming traffic, the packet is destined for the machine
- OUTPUT: outgoing traffic from the machine
- FORWARD: the packet is not destined for the machine, the machine is merely routing it
what’s a target in chains?
- a target is what one rule in the chain (in the list of rules) does with a packet it matches
- there are 3 built-in targets: ACCEPT / DROP / RETURN
- ACCEPT: let the packet come in
- DROP: don’t let the packet come in (it is silently discarded)
- RETURN: it’s kinda like a return in a function; if a RETURN is reached, stop traversing the current chain, go back to the previous calling chain (the chain that jumped to this chain), and continue with the rules in the calling chain - it’s really just like a function call
- if a RETURN is hit in a built-in chain (or a built-in chain runs out of rules), there is no caller to go back to, so the chain’s policy decides what happens to the packet
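To make the traversal concrete, here is an added example (not from the man page or this note) that models a filter table as ordered lists of rules and walks them the way described above: jump into a user chain, RETURN back to the rule after the jump in the calling chain, and fall back to the chain policy when a built-in chain runs out. The chain names SSH_GUARD, the addresses, and the rules are constructed for the demo.

```python
import ipaddress

# A chain is an ordered list of (match, target) rules; a target is ACCEPT, DROP,
# RETURN, or the name of a user-defined chain to jump to. (Constructed example.)
LOCAL_IPS = {"192.0.2.10"}          # assumed addresses of "this machine"

def rule(target, proto=None, dport=None, src=None):
    """Build one rule; unspecified fields match anything (like omitting -p/-s)."""
    net = ipaddress.ip_network(src) if src else None
    def match(pkt):
        return ((proto is None or pkt["proto"] == proto)
                and (dport is None or pkt.get("dport") == dport)
                and (net is None or ipaddress.ip_address(pkt["src"]) in net))
    return match, target

def walk(chains, name, pkt, trace):
    """Process chain `name` in order. Returns ACCEPT/DROP, or RETURN when a
    RETURN rule matches or the chain runs out of rules (control goes back up)."""
    for i, (match, target) in enumerate(chains[name], start=1):
        if not match(pkt):
            continue
        trace.append(f"{name}#{i} -> {target}")
        if target in ("ACCEPT", "DROP", "RETURN"):
            return target
        verdict = walk(chains, target, pkt, trace)   # jump to a user chain
        if verdict != "RETURN":
            return verdict
        trace.append(f"back in {name} after #{i}")    # RETURN: resume here
    return "RETURN"

def filter_packet(chains, policies, pkt):
    """Pick the built-in chain by destination, walk it, apply policy if needed."""
    chain = "INPUT" if pkt["dst"] in LOCAL_IPS else "FORWARD"
    trace = [chain]
    verdict = walk(chains, chain, pkt, trace)
    if verdict == "RETURN":                # end of a built-in chain: use policy
        verdict = policies[chain]
        trace.append(f"policy {verdict}")
    return verdict, trace

# Constructed ruleset: SSH goes through a user chain that lets trusted sources
# RETURN to INPUT (where rule 2 accepts them) and drops everyone else.
CHAINS = {
    "INPUT": [rule("SSH_GUARD", proto="tcp", dport=22),
              rule("ACCEPT", proto="tcp", dport=22),
              rule("ACCEPT", proto="tcp", dport=80)],
    "FORWARD": [],
    "SSH_GUARD": [rule("RETURN", src="10.0.0.0/8"), rule("DROP")],
}
POLICIES = {"INPUT": "DROP", "FORWARD": "DROP"}
```

Calling `filter_packet(CHAINS, POLICIES, pkt)` returns the verdict plus a trace of the path taken, which is handy for checking that a RETURN really resumes in the calling chain.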
- Man page of IPTABLES