Linux iptables

Packet Flow in Netfilter

Concept

  • 4 tables (kernel version 2.6.x and later)
    • Raw
    • Mangle
    • NAT
    • Filter (default table in iptables)

Scenario

SNAT

Port Forwarding

  • iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 3389 -j DNAT --to-destination <TARGET_IP>:3389
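Added example, not part of the original notes: the DNAT rule above only rewrites the destination, so this sketch pairs it with IP forwarding and the matching FORWARD rules, and limits the exposed port to one source range. Assumptions: the helper names run and port_forward and the APPLY switch are hypothetical, 192.0.2.10 and 198.51.100.0/24 are constructed values, and the target host routes its replies back through this machine.

```sh
#!/bin/sh
# Added example, not from the original notes. Constructed values:
# 192.0.2.10 (internal target), 198.51.100.0/24 (permitted source range).

# Print each command by default; execute it only when APPLY=1 (needs root).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# usage: port_forward IFACE PORT TARGET_IP ALLOWED_SRC_CIDR
port_forward() {
    if [ $# -ne 4 ]; then
        echo "usage: port_forward IFACE PORT TARGET_IP ALLOWED_SRC_CIDR" >&2
        return 2
    fi
    iface=$1; port=$2; target=$3; src=$4
    case $port in
        ''|*[!0-9]*) echo "port must be numeric: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi

    # Without routing enabled the rewritten packet is never forwarded.
    run sysctl -w net.ipv4.ip_forward=1
    # The DNAT rule from the notes, narrowed to one source range.
    run iptables -t nat -A PREROUTING -i "$iface" -p tcp -s "$src" \
        --dport "$port" -j DNAT --to-destination "$target:$port"
    # FORWARD sees the packet after DNAT, so it matches the new destination.
    run iptables -t filter -A FORWARD -i "$iface" -p tcp -s "$src" \
        -d "$target" --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    # Remaining packets of the connection, in both directions.
    run iptables -t filter -A FORWARD -m conntrack \
        --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Dry run: prints the four commands in the order they would be applied.
port_forward eth0 3389 192.0.2.10 198.51.100.0/24
```

The FORWARD rules matter when the chain policy is DROP; with a default ACCEPT policy they are redundant but harmless.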

Drop ICMP Packet

  • iptables -t filter -A FORWARD -p ICMP -j DROP