文件名称:Linux iptables Pocket Refrence
文件大小:1.45MB
文件格式:PDF
更新时间:2015-04-25 16:48:15
iptables
The Linux kernel’s network packet processing subsystem is called Netfilter, and iptables is the command used to config- ure it. This book covers the iptables user-space utilities Ver- sion 1.2.7a, which uses the Netfilter framework in the Linux kernel version 2.4 and also covers most of what’s in 2.6. Because Netfilter and iptables are tightly coupled, I will use “iptables” to refer to either or both of them throughout this book. The iptables architecture groups network packet processing rules into tables by function (packet filtering, network address translation, and other packet mangling), each of which have chains (sequences) of processing rules. Rules consist of matches (used to determine which packets the rule will apply to) and targets (that determine what will be done with the matching packets). iptables operates at OSI Layer 3 (Network). For OSI Layer 2 (Link), there are other technologies such as ebtables (Ether- net Bridge Tables). See http://ebtables.sourceforge.net/ for more information.