As presented earlier, iptables uses the concept of separate rule tables for different packet processing functionality. Nondefault tables are specified by a command-line option. Three tables are available:

- filter: The filter table is the default table. It contains the actual firewall filtering rules.
- nat: The nat table contains the rules for Source and Destination Address and Port Translation. These rules are functionally distinct from the firewall filter rules.
- mangle: The mangle table contains rules for setting specialized packet-routing flags. These flags are then inspected later by rules in the filter table.

- INPUT (packets arriving at the firewall but after the PREROUTING chain)
- FORWARD (changes packets being routed through the firewall)
- POSTROUTING (changes packets just before they leave the firewall, after the OUTPUT chain)

The conventions used to present command-line syntax options are fairly standard in the computer world. For those of you who are new to Linux or to computer documentation in general, Table 3.1 shows the conventions used in the upcoming syntax descriptions.

Table 3.1 Conventions Representing Command-Line Syntax Options

- A bar or pipe symbol separates alternate syntax options. For example, most of the iptables commands have both a short and a long form, such as -L and --list, and so they would be listed as alternate options because you would use one or the other of -L or --list.
- Angle brackets indicate a user-supplied value, such as a string or numeric value.
- Square brackets indicate that the enclosed command, option, or value is optional. For example, most match operators can take a negation operator, !, which matches anything other than the value specified in the match.
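The three tables and the ! negation described above, put together as a dry-run rule set. This is an added example, not part of the original page; the interface eth0, the admin network 192.0.2.0/24 and the `ipt` wrapper function are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumptions: eth0 is the external interface and
# 192.0.2.0/24 (a documentation range) stands in for an admin network.
# Dry run by default: each command is printed, not executed.
# Set APPLY=1 and run as root to hand the commands to iptables.
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

build_rules() {
    # mangle is a nondefault table, so -t is required. This rule flags
    # inbound SSH from the admin network with packet mark 1. The mark
    # exists only inside this host and never appears on the wire.
    ipt -t mangle -A PREROUTING -i eth0 -p tcp -s 192.0.2.0/24 --dport 22 \
        -j MARK --set-mark 1

    # filter is the default table, so -t is omitted. This later rule
    # inspects the flag that the mangle rule set.
    ipt -A INPUT -m mark --mark 1 -j ACCEPT

    # Negation: "! -s" matches every source other than the admin network.
    # The explicit -t filter names the same table as the rule above.
    ipt -t filter -A INPUT -i eth0 -p tcp ! -s 192.0.2.0/24 --dport 22 -j DROP

    # nat holds address translation, separate from the filtering decisions:
    # rewrite the source address of traffic leaving through eth0.
    ipt -t nat -A POSTROUTING -o eth0 -j MASQUERADE
}

build_rules
```

On a live system, `iptables -L -n -v` lists only the filter table; add `-t nat` or `-t mangle` to review the other two.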