Guide to the Linux Manual




iptables(8)

administration tool for IPv4/IPv6 packet filtering and NAT


COMPATIBILITY WITH IPCHAINS

This iptables is very similar to ipchains by Rusty Russell. The main difference is that the chains INPUT and OUTPUT are only traversed for packets coming into the local host and originating from the local host respectively. Hence every packet only passes through one of the three chains (except loopback traffic, which involves both INPUT and OUTPUT chains); previously a forwarded packet would pass through all three.

The other main difference is that -i refers to the input interface; -o refers to the output interface, and both are available for packets entering the FORWARD chain.
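The following is an added example, not part of the man page or of iptables itself: a small Python model of the traversal rule described above, showing why a rule left in INPUT after a migration from ipchains no longer filters routed traffic, and how a FORWARD rule can match on both interfaces. The addresses, interface names and rule tuples are constructed, and iptables chain and target names (INPUT, DROP) are used for both models for readability.

```python
# Constructed model, not iptables code: which filter chains a packet visits.
LOCAL = "192.0.2.1"  # constructed address of the firewall host itself

def chains_traversed(pkt, model):
    """Chains visited, in order. model is "ipchains" or "iptables"."""
    from_local, to_local = pkt["src"] == LOCAL, pkt["dst"] == LOCAL
    if from_local and to_local:
        return ["OUTPUT", "INPUT"]      # loopback: both chains (per the text above)
    if to_local:
        return ["INPUT"]
    if from_local:
        return ["OUTPUT"]
    # Routed packet: ipchains ran all three chains, iptables only FORWARD.
    return ["INPUT", "FORWARD", "OUTPUT"] if model == "ipchains" else ["FORWARD"]

def verdict(pkt, rules, model):
    """First matching rule in a chain decides for that chain; policy is ACCEPT."""
    for chain in chains_traversed(pkt, model):
        for match, target in rules.get(chain, []):
            if all(pkt.get(k) == v for k, v in match.items()):
                if target == "DROP":
                    return "DROP"
                break                   # ACCEPT: continue with the next chain
    return "ACCEPT"

# A routed telnet packet entering on eth0 and leaving on eth1 (constructed).
ROUTED = {"src": "198.51.100.7", "dst": "203.0.113.9", "dport": 23,
          "in_if": "eth0", "out_if": "eth1"}

# Rule set carried over unchanged from an ipchains-style layout.
PORTED = {"INPUT": [({"dport": 23}, "DROP")]}

# Same intent for iptables: FORWARD can match both -i and -o.
FIXED = {"INPUT": [({"dport": 23}, "DROP")],
         "FORWARD": [({"in_if": "eth0", "out_if": "eth1", "dport": 23}, "DROP")]}

if __name__ == "__main__":
    for name, rules in (("ported", PORTED), ("fixed", FIXED)):
        for model in ("ipchains", "iptables"):
            print(name, model, verdict(ROUTED, rules, model))
```

When auditing a rule set that predates iptables, check that every restriction meant for routed traffic exists in FORWARD, not only in INPUT or OUTPUT.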

The various forms of NAT have been separated out; iptables is a pure packet filter when using the default `filter' table, with optional extension modules. This should clear up much of the confusion previously seen over the combination of IP masquerading and packet filtering. So the following options are handled differently:

       -j MASQ
       -M -S
       -M -L

There are several other changes in iptables.