iptables chain
+----------------------------------------------------------------+
|                          Network Card                          |
+----------------------------------------------------------------+
     |                                                     ^
     |                                                     |
     v                                                     |
+----------+          is?      no    +-------+       +-----------+
|prerouting| ----> localhost ------> |forward| ----> |postrouting|
+----------+           |             +-------+       +-----------+
                       | yes                               ^
                       |                                   |
                       v                                   |
                  +---------+                        +-----------+
                  |  input  |                        |  output   |
                  +---------+                        +-----------+
                       |                                   ^
                       |                                   |
                       |                                   |
                       v                                   |
+----------------------------------------------------------------+
|                              user                              |
+----------------------------------------------------------------+
out -> localhost: prerouting -> input
forward: prerouting -> forward -> postrouting
localhost -> out: output -> postrouting
iptables table:
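- filter: the default table; decides whether a packet is accepted or dropped (firewall rules)
- nat: rewrites source/destination addresses and ports (SNAT, DNAT, MASQUERADE)
- mangle: modifies packet headers and marks (e.g. TOS, TTL, MARK)
- raw: evaluated before connection tracking; used to exempt packets from it (NOTRACK)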
table <-> chain
raw: PREROUTING, OUTPUT
mangle: PREROUTING, INPUT, FORWARD, OUTPUT, POSTROUTING
nat: PREROUTING, OUTPUT, POSTROUTING, INPUT
filter: INPUT, FORWARD, OUTPUT
table priority within a chain: raw -> mangle -> nat -> filter
chain <-> table
PREROUTING: raw, mangle, nat
INPUT: mangle, filter, nat
FORWARD: mangle, filter
OUTPUT: raw, mangle, nat, filter
POSTROUTING: mangle, nat
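query (list the rules of one table; without -t only the filter table is shown, so check nat, mangle and raw separately when auditing a ruleset)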
iptables -t <table> -nvL <chain>