Home > Articles > Operating Systems, Server > Linux/UNIX/Open Source

More on Modules

  • Print
  • + Share This

The Filter Table

The filter table itself is principally designed to deal with matching packets either to pass or not to pass, be it by dropping the packet or rejecting it (sending an error message back to the sender). Logging can also be applied to any packet before it meets its final destiny. The filter table is comprised of the built-in chains INPUT, OUTPUT, and FORWARD, and, of course, any user-defined chains not declared to be part of the nat or mangle chains.

One thing to keep in mind before we start building rules is that user-defined chains will exist only within one table, either the filter table (by default), the nat table, or the mangle table. Once declared, rules that are written within those chains must conform to those tables. As you'll see, you can't create a rule to mangle a packet in a filter table chain. Likewise, you'll see that you can't create a rule involving the nat table (which has available only the OUTPUT, POSTROUTING, and user-created nat chains) and specify an input device in the rule. While it may be possible to build a rule that no packet can ever match, it doesn't make a whole lot of sense to do so.

  • + Share This
  • 🔖 Save To Your Account

Related Resources

There are currently no related titles. Please check back later.