IPTABLES: table types

Iptables Operation

If you don't know anything about IPTABLES, I recommend that you first read our introductory article on IPTABLES, so that you have a base before we explain the tables in this fantastic part of the Linux kernel that filters packets and acts as a powerful and effective firewall. Security is something that worries more and more people, but if you use Linux you are in luck, since Linux includes one of the best tools available to fight threats.

IPTABLES, as you should already know, is integrated into the Linux kernel itself and is part of the netfilter project, which in addition to iptables includes ip6tables, ebtables, arptables and ipset. Like most Linux components it is a highly configurable and flexible firewall, and although it has had some vulnerabilities it remains especially powerful. Being inside the kernel, it starts with the system and stays active all the time; at the kernel level it receives the packets, which are accepted or rejected according to the iptables rules.

The three types of tables:

iptables does its work through several types of tables, which are the main topic of this article.

MANGLE tables

The MANGLE tables are in charge of modifying packets, and for this they have the following options (targets):

  • TOS: Type Of Service is used to set the type-of-service field of a packet. It should be used to define how packets are routed inside your own network, not for packets going to the Internet: most routers ignore the value of this field, or may behave incorrectly if it is used on their Internet-facing output.

  • TTL: changes the time-to-live field of a packet. Its acronym stands for Time To Live and, for example, it can be used when we do not want to be detected by certain Internet service providers (ISPs) that snoop too much.

  • MARK: used to mark packets with specific values, which makes it possible to limit bandwidth and build queues with CBQ (Class Based Queuing). Later the marks can be recognised by tools such as iproute2 to route packets differently depending on whether or not they carry a given mark.

These options may not sound familiar from the first article, since we did not touch any of them there.
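As an added example that is not part of the article, here is a mangle ruleset in iptables-restore(8) format that uses the three targets just listed (MARK, TOS and TTL), together with two checks one would run on it before loading it. The interface names, the subnet and the mark value are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the article: a mangle table that uses the MARK,
# TOS and TTL targets, emitted in iptables-restore(8) format so it can be
# reviewed before it touches the kernel. Names and values below are constructed.
LAN_IF="eth1"                 # assumed internal interface
WAN_IF="eth0"                 # assumed upstream interface
VOIP_NET="192.168.10.0/24"    # constructed: subnet whose packets get a mark
VOIP_MARK="0x10"              # constructed: mark value iproute2/tc will key on

mangle_rules() {
    cat <<EOF
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# MARK: tag packets from the VoIP subnet; "ip rule ... fwmark" or a tc class
# can then route or queue them. The mark never leaves this host.
-A PREROUTING -i $LAN_IF -s $VOIP_NET -j MARK --set-mark $VOIP_MARK
# TOS: request minimum delay for interactive SSH generated locally. Only
# meaningful inside a network you control; upstream routers usually ignore it.
-A OUTPUT -p tcp --dport 22 -j TOS --set-tos Minimize-Delay
# TTL: give every forwarded packet the same TTL on the way out, so hosts
# behind this router are not distinguishable by their default TTL.
-A POSTROUTING -o $WAN_IF -j TTL --ttl-set 64
COMMIT
EOF
}

# How many rules in the emitted table jump to a given target.
mangle_target_count() {
    mangle_rules | grep -c -w -- "-j $1"
}

# Check: a MARK set in FORWARD or POSTROUTING comes too late for the routing
# decision, so every MARK rule must sit in PREROUTING or OUTPUT. Returns 0 on pass.
marks_before_routing() {
    ! mangle_rules | grep -- '-j MARK' | grep -qvE '^-A (PREROUTING|OUTPUT) '
}

# Load only on explicit request as root; by default just print for review.
if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" = 0 ]; then
    mangle_rules | iptables-restore --noflush
else
    mangle_rules
fi
```

Run it as-is to see the rules; run it as root with `APPLY=1` to load them. The `--noflush` flag keeps whatever other rules are already present, so only the mangle table lines above are added.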

NAT tables: PREROUTING, POSTROUTING

The NAT (Network Address Translation) tables are consulted when a packet creates a new connection. They allow a public IP to be shared among many computers, which is why they are essential with the IPv4 protocol. With them we can add rules to modify the IP addresses of packets, and they provide two kinds of rules: SNAT (IP masquerading) for the source address and DNAT (port forwarding) for the destination address.

To make these modifications it gives us three options, some of which we already saw in the first iptables article:

  • PREROUTING: to modify packets as soon as they arrive at the computer.
  • OUTPUT: for packets that are generated locally and are about to be routed on their way out.
  • POSTROUTING: to modify packets that are ready to leave the computer.
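The two NAT directions described above, SNAT (here as MASQUERADE) in POSTROUTING and DNAT in PREROUTING, as an added example that is not the article's own code. It also includes the FORWARD rules a port forward needs in order to work, and a check that every DNAT destination has one. Interface names, addresses and ports are constructed.

```shell
#!/bin/sh
# Added example, not the article's own code: a nat table with the two
# directions named above, SNAT (as MASQUERADE) in POSTROUTING and DNAT in
# PREROUTING, plus the filter rules a port forward needs to actually work.
# Interfaces, addresses and ports are constructed for illustration.
WAN_IF="eth0"
LAN_IF="eth1"
LAN_NET="192.168.1.0/24"
WEB_HOST="192.168.1.10"    # constructed: internal host receiving the forward
WEB_PORT="8080"

nat_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# DNAT (port forwarding): inbound 80/tcp on the public side is rewritten to the
# internal web server before the routing decision, so it is forwarded rather
# than delivered locally.
-A PREROUTING -i $WAN_IF -p tcp --dport 80 -j DNAT --to-destination $WEB_HOST:$WEB_PORT
# SNAT as MASQUERADE: LAN traffic leaving on the WAN side takes the address the
# WAN interface has at that moment (IP masquerading for a dynamic address).
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
# A nat rule only rewrites addresses; FORWARD still decides whether the packet
# may pass. Allow exactly the forwarded flow, replies, and LAN-initiated traffic.
-A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $WEB_HOST --dport $WEB_PORT -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Check: every DNAT destination must have an explicit FORWARD accept for the
# same host and port; a forward that exists only in the nat table is a common
# reason "port forwarding does not work". Returns 0 when all are covered.
dnat_targets_are_forwarded() {
    nat_rules |
    sed -n 's/.*--to-destination \([0-9.]*\):\([0-9]*\).*/\1 \2/p' |
    while read -r host port; do
        nat_rules | grep -q -- "^-A FORWARD .*-d $host --dport $port .*-j ACCEPT" ||
            exit 1    # exits only this subshell; the function then returns 1
    done
}

# Number of rules jumping to a given target, e.g. MASQUERADE or DNAT.
nat_target_count() {
    nat_rules | grep -c -w -- "-j $1"
}

nat_rules    # print for review; load with: nat_rules | iptables-restore --noflush
```

Forwarding also has to be enabled in the kernel (`sysctl -w net.ipv4.ip_forward=1`), otherwise the DNAT rule rewrites the packet and the kernel then discards it. The FORWARD rule for the web server is deliberately limited to one host and one port; a blanket `-j ACCEPT` in FORWARD would expose the whole LAN through the router.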

Filtering Tables:

The filter tables are the ones used by default to manage data packets. They are the most used and are responsible for filtering packets according to how the firewall has been configured. All packets go through this table, and for filtering there are three predefined chains that we also saw in the introductory article:

  • INPUT: for input, that is, all packets destined to enter our system must go through this chain.
  • OUTPUT: for output, that is, all packets created by the system that are going to leave it for another device.
  • FORWARD: redirection; as you may already know, this chain simply redirects packets to their new destination, and it affects every packet that is routed through the system.

Iptables tables

Finally, I would like to say that every network packet sent or received on a Linux system is subject to one of these tables, at least one of them and possibly several at the same time. It is also subject to several table rules. For example, with ACCEPT it is allowed to continue on its way, with DROP access is denied or the packet is not sent, and with REJECT it is simply discarded, without sending an error to the server or computer that sent the packet. As you can see, each table has its targets or policies for each of the options or chains mentioned above. The ones mentioned here are ACCEPT, DROP and REJECT, but there is another, QUEUE, which you may not know: it is used to hand packets over to a certain userspace process for handling, regardless of their address.

Well, as you can see, iptables is rather arduous to explain in depth in a single article. I hope that the first article gave you a basic idea of using iptables with some examples, and that this one adds some more theory. Leave your comments, doubts or contributions; they will be welcome.
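Bringing together the filter chains (INPUT, OUTPUT, FORWARD) and the targets just discussed, here is an added example that is not part of the article: a deny-by-default filter table for a single host, with ACCEPT, DROP, REJECT and LOG rules whose comments state what each target does on the wire, and three checks a reviewer would run before loading it. The management subnet and port are constructed.

```shell
#!/bin/sh
# Added example, not part of the article: a filter table for a single host
# using the INPUT/OUTPUT/FORWARD chains and the ACCEPT, DROP, REJECT and LOG
# targets, plus three checks a reviewer runs before loading it.
# The management subnet and port are constructed for illustration.
MGMT_NET="10.0.0.0/24"    # constructed: network administrators connect from
SSH_PORT="22"

filter_rules() {
    cat <<EOF
*filter
# Chain policies: whatever no rule accepts is dropped (INPUT, FORWARD);
# locally generated traffic is allowed out.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback first, or local services cannot talk to each other.
-A INPUT -i lo -j ACCEPT
# Stateful core: replies to connections this host opened, and related traffic.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Packets conntrack cannot classify are out-of-state or malformed: drop them.
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Only the management subnet may open new SSH sessions.
-A INPUT -s $MGMT_NET -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
# REJECT sends an answer (ICMP port-unreachable here), so trusted hosts fail
# fast instead of waiting for a timeout. Reserve it for networks you trust.
-A INPUT -s $MGMT_NET -j REJECT --reject-with icmp-port-unreachable
# Everything else: LOG (rate limited, so a flood cannot fill the disk) and
# then DROP. DROP sends nothing back, which gives a scanner no information,
# and the log line gives the defender a record of what was refused.
-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "iptables-drop: " --log-level 4
-A INPUT -j DROP
COMMIT
EOF
}

# Check 1: INPUT and FORWARD must default to DROP (deny by default).
default_deny() {
    filter_rules | grep -q '^:INPUT DROP' && filter_rules | grep -q '^:FORWARD DROP'
}

# Check 2: the ESTABLISHED,RELATED rule must precede every rule that accepts
# NEW connections; otherwise each reply packet is re-evaluated against the
# per-service rules, which is slower and easy to get wrong.
established_before_new() {
    est=$(filter_rules | grep -n -- '--ctstate ESTABLISHED' | head -n 1 | cut -d: -f1)
    new=$(filter_rules | grep -n -- '--ctstate NEW' | head -n 1 | cut -d: -f1)
    [ -n "$est" ] && [ -n "$new" ] && [ "$est" -lt "$new" ]
}

# Check 3: the final catch-all DROP in INPUT must be immediately preceded by a
# LOG rule, so that refused traffic is observable.
drops_are_logged() {
    filter_rules | grep -v '^#' |
    awk '/-j LOG/ { log_nr = NR }
         /^-A INPUT -j DROP$/ { found = 1; ok = (log_nr == NR - 1) }
         END { exit (found && ok) ? 0 : 1 }'
}

filter_rules    # print for review; load with: filter_rules | iptables-restore
```

The order of the rules matters as much as the rules themselves: iptables evaluates a chain top to bottom and stops at the first match, which is why the checks look at positions and not only at presence. Loading with `iptables-restore` (without `--noflush`) replaces the whole filter table atomically, so the host is never left in a half-configured state between rules.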
