I think many people want to learn how to build a firewall with iptables. I was confused by this question for a long time too, but I have now worked it out and finally learned to use iptables for firewalling. Below I will do my best to explain the basics to everyone.

Data sent over the network is split into many small packets. As soon as we bring up the network, there are many packets arriving at, leaving, or passing through our computer. The first thing to understand is how the firewall treats these packets: each of them is run through a corresponding chain of rules. A packet destined for your computer first enters the INPUT chain; a packet that originates from our computer passes through the OUTPUT chain; and if the computer is a network gateway (that is, it is connected to two networks, and the packets exchanged between those two networks pass through it), there may be a lot of transit traffic, and those packets must be handled by the FORWARD chain. Only once we understand the concept of these "chains" can we learn to use iptables.

Now let's look at how iptables rules work. If we want to visit the website www.yahoo.com, we send a request to www.yahoo.com, and those packets must pass through the OUTPUT chain. Before the request leaves, the Linux kernel checks whether the OUTPUT chain contains a rule matching this packet. If no rule matches, the chain's default policy applies: either allow or deny. (In fact there are two kinds of deny: one rejects the request and tells the requesting program that it was refused; the other discards the packet and leaves the sender waiting until it times out.) If the packet is allowed, the request goes out, and the reply packets from the www.yahoo.com server pass through the INPUT chain, where, of course, the corresponding rules apply.
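To make the chain logic above concrete, here is a small model of the filter table, added as an example (it is not part of the original post and does not call the real iptables): it picks INPUT, OUTPUT or FORWARD for a packet, walks the chain's rules in order with first match winning, falls back to the chain's policy, and reports what the sender experiences for ACCEPT, REJECT and DROP. The addresses, rules and table are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed: addresses that belong to this host (anything else is "the outside")
LOCAL_IPS = {"192.168.1.10"}

@dataclass
class Rule:
    target: str                    # ACCEPT, DROP or REJECT
    proto: Optional[str] = None    # None means "match any" for that field
    dport: Optional[int] = None
    src: Optional[str] = None

    def matches(self, pkt: dict) -> bool:
        checks = (("proto", self.proto), ("dport", self.dport), ("src", self.src))
        return all(want is None or pkt.get(key) == want for key, want in checks)

@dataclass
class Chain:
    policy: str                    # default verdict when no rule matches
    rules: list = field(default_factory=list)

    def verdict(self, pkt: dict) -> str:
        for rule in self.rules:    # rules are checked in order; the first match wins
            if rule.matches(pkt):
                return rule.target
        return self.policy         # no match: the chain's default policy applies

def pick_chain(pkt: dict) -> str:
    """INPUT for packets addressed to us, OUTPUT for packets we send,
    FORWARD for packets that only pass through us (the gateway case)."""
    if pkt["dst"] in LOCAL_IPS:
        return "INPUT"
    if pkt["src"] in LOCAL_IPS:
        return "OUTPUT"
    return "FORWARD"

# What the sender experiences for each verdict, as described in the text
SENDER_SEES = {"ACCEPT": "delivered", "REJECT": "error reply", "DROP": "timeout"}

def filter_packet(table: dict, pkt: dict) -> tuple:
    chain = pick_chain(pkt)
    verdict = table[chain].verdict(pkt)
    return chain, verdict, SENDER_SEES[verdict]

# Constructed filter table: INPUT accepts by default but rejects telnet and
# silently drops one noisy host; FORWARD drops everything (this host is no gateway).
TABLE = {
    "INPUT": Chain("ACCEPT", [Rule("REJECT", proto="tcp", dport=23),
                              Rule("DROP", src="10.0.0.5")]),
    "OUTPUT": Chain("ACCEPT"),
    "FORWARD": Chain("DROP"),
}
```

Call `filter_packet(TABLE, pkt)` with a dict holding `src`, `dst`, `proto` and `dport` to see which chain handles the packet and how it is decided.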
Below we introduce several iptables commands.

iptables -L [-t filter]

This command displays the firewall rules that are currently set up. A possible result looks like this:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

From this we can see that the filter table contains three chains: INPUT, FORWARD and OUTPUT. When this machine communicates with the outside world, the traffic passes through INPUT and OUTPUT. From the "policy ACCEPT" in parentheses we also learn that the default policy of each chain is ACCEPT, that is, unless some other rule constrains them, all packets are allowed by this chain.