Netfilter is a Linux kernel module (a dynamically loadable chunk of code inside the kernel, since Linux is a monolithic kernel) and a framework that hooks into the network stack so that packets can be inspected and acted on as they pass through.
It has two major components:
1) The netfilter component, which hooks into the stack and performs actions on packets.
2) The iptables component, which defines a structure for rules. Netfilter reads these rules to decide what action to take. iptables also gives the user an interface for configuring these rules, in the form of a utility (also) called iptables.
The netfilter component has five hooks into the networking stack so that it can examine the following kinds of packets:
1) Incoming
2) Outgoing
3) Forwarding
4) Pre-routing
5) Post-routing
Though the first three are the most commonly used, the last two are just as important when implementing a NAT (network address translation) gateway or router on a Linux box. The difference is that they require the packet itself to be rewritten.
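As an added example (not from the original post), the following script emits an iptables-restore ruleset for a small NAT gateway that ties the hooks above to concrete chains: INPUT and FORWARD default to DROP, only replies to LAN-originated connections are forwarded back in, and the POSTROUTING hook rewrites the source address of outbound LAN traffic. The interface names and LAN subnet are assumptions; adjust them before applying.

```shell
#!/bin/sh
# Added example: generate an iptables-restore ruleset for a two-interface NAT gateway.
# WAN_IF, LAN_IF and LAN_NET are assumed values, not taken from the original post.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Print the ruleset; apply on a real box with: build_ruleset | iptables-restore
build_ruleset() {
    cat <<EOF
*filter
# Default-deny on the INPUT and FORWARD hooks; the host itself may still originate traffic.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, plus replies to connections this host opened.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Anti-spoofing: packets arriving on the WAN side must not carry a LAN source address.
-A INPUT -i $WAN_IF -s $LAN_NET -j DROP
-A FORWARD -i $WAN_IF -s $LAN_NET -j DROP
# Management (SSH) only from the LAN side.
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Forward hook: LAN may go out; from the WAN only replies to existing connections come back.
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Post-routing hook: rewrite the source address of LAN traffic leaving through the WAN.
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT
EOF
}

# Sanity check before applying: number of -A rules in a given chain.
count_rules() {
    build_ruleset | grep -c "^-A $1 "
}
```

Remember that forwarding also needs net.ipv4.ip_forward=1, which is a sysctl setting and not part of the ruleset.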
A detailed example of using iptables is given at the following link:
http://searchenterpriselinux.techtarget.com/tip/0,289483,sid39_gci1114110,00.html