Tuesday, October 28, 2008

Netfilter and Iptables demystified

Well netfilter is a linux module(dynamically loadable lump of code in kernel, as linux is monolith kernel) and a framework that hooks into network stack to facilitate processing of packets.

It has two major components:
1) Netfilter component which hooks into stack and performs actions
2) Iptable component which defines a strcuture for rules. Netfilter reads these rules to perform action. Iptables also provides user an interface to configure these rules in form of a utility (also) called iptables.

Netfilter component has 5 hooks into the networking stack so that it can examine following packets
1) Incoming
2) Outgoing
3) Fowarding
4) Pre-routing
5) Post-routing

Though the first 3 are more used, last two are not behind while implementing a NAT (network address translation router using linux box) gateway or router. The difference being they require re-write of packet.

A detailed example of using iptables is given at the following link:

No comments: