iptables chain
    +----------------------------------------------------------------+
    |                          Network Card                          |
    +----------------------------------------------------------------+
         |                                                     ^
         |                                                     |
         v                                                     |
    +----------+          is?      no    +-------+       +-----------+
    |prerouting| ----> localhost ------> |forward| ----> |postrouting|
    +----------+           |             +-------+       +-----------+
                           | yes                               ^
                           |                                   |
                           v                                   |
                      +---------+                        +-----------+
                      |  input  |                        |  output   |
                      +---------+                        +-----------+
                           |                                   ^
                           |                                   |
                           |                                   |
                           v                                   |
    +----------------------------------------------------------------+
    |                              user                              |
    +----------------------------------------------------------------+

out -> localhost: prerouting -> input
forward: prerouting -> forward -> postrouting
localhost -> out: output -> postrouting
iptables table:
- filter:
- nat:
- mangle:
- raw:
table <-> chain
- raw: PREROUTING, OUTPUT
- mangle: PREROUTING, INPUT, FORWARD, OUTPUT, POSTROUTING
- nat: PREROUTING, OUTPUT, POSTROUTING, INPUT
- filter: INPUT, FORWARD, OUTPUT

raw -> mangle -> nat -> filter

chain <-> table
- PREROUTING: raw, mangle, nat
- INPUT: mangle, filter, nat
- FORWARD: mangle, filter
- OUTPUT: raw, mangle, nat, filter
- POSTROUTING: mangle, nat
query
iptables -t <table> -nvL <chain>
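
The query command applied along each packet path, as an added example that is not part of the original page: the script prints one listing command per table/chain pair, using the chain <-> table list above. The path labels in, forward and out and all function names are chosen for this example.

```shell
#!/bin/sh
# Added example: mappings copied from the "chain <-> table" list on this page.

# Tables hooked on a built-in chain, in the order the page lists them.
tables_for_chain() {
    case "$1" in
        PREROUTING)  echo "raw mangle nat" ;;
        INPUT)       echo "mangle filter nat" ;;
        FORWARD)     echo "mangle filter" ;;
        OUTPUT)      echo "raw mangle nat filter" ;;
        POSTROUTING) echo "mangle nat" ;;
        *)           return 1 ;;
    esac
}

# Chains crossed on each of the three paths in the diagram.
# The path labels in/forward/out are names chosen for this example.
chains_for_path() {
    case "$1" in
        in)      echo "PREROUTING INPUT" ;;
        forward) echo "PREROUTING FORWARD POSTROUTING" ;;
        out)     echo "OUTPUT POSTROUTING" ;;
        *)       return 1 ;;
    esac
}

# Succeeds only if <table> has the built-in <chain>, e.g. filter has no PREROUTING.
has_chain() {
    for t in $(tables_for_chain "$2"); do
        [ "$t" = "$1" ] && return 0
    done
    return 1
}

# Print one read-only listing command per (table, chain) pair on the path.
audit_commands() {
    chains=$(chains_for_path "$1") || { echo "unknown path: $1" >&2; return 1; }
    for chain in $chains; do
        for table in $(tables_for_chain "$chain"); do
            echo "iptables -t $table -nvL $chain"
        done
    done
}

audit_commands forward
```

The script only prints commands; running the printed `iptables -nvL` listings needs root, and the packet counters they show tell you which chains a given flow actually traversed.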