administration tool for IPv4/IPv6 packet filtering and NAT
COMPATIBILITY WITH IPCHAINS
This iptables is very similar to ipchains by Rusty Russell. The main difference is that the chains INPUT and OUTPUT are only traversed for packets coming into the local host and originating from the local host respectively. Hence every packet only passes through one of the three chains (except loopback traffic, which involves both INPUT and OUTPUT chains); previously a forwarded packet would pass through all three.
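The traversal change above matters when rules are carried over from ipchains chain-for-chain: a block that sat only in the input chain no longer sees forwarded traffic. The following Python model is an added illustration, not part of iptables or this manual; the Packet class, the rule format, the addresses and the DROP/ACCEPT verdict names are constructed for the example.

```python
# Added illustration: a toy model of chain traversal, not iptables code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    to_local: bool     # destination is an address of this host
    from_local: bool   # generated by a process on this host

def chains(model, p):
    """Built-in chains a packet traverses, in order, under each tool."""
    if model not in ("ipchains", "iptables"):
        raise ValueError("unknown model: %r" % model)
    if p.from_local and p.to_local:      # loopback: OUTPUT then INPUT in both
        return ["OUTPUT", "INPUT"]
    if p.from_local:
        return ["OUTPUT"]
    if p.to_local:
        return ["INPUT"]
    # Forwarded packet: ipchains ran all three chains, iptables runs one.
    return ["INPUT", "FORWARD", "OUTPUT"] if model == "ipchains" else ["FORWARD"]

def verdict(model, rules, p, policy="ACCEPT"):
    """First matching rule per chain decides; a DROP in any chain is final."""
    for chain in chains(model, p):
        for src, target in rules.get(chain, []):
            if src == p.src:
                if target == "DROP":
                    return "DROP"
                break                    # ACCEPT: go on to the next chain
    return policy

# Constructed rule sets (203.0.113.7 is a documentation address).
# MIGRATED copies an ipchains layout chain-for-chain: block only in INPUT.
MIGRATED = {"INPUT": [("203.0.113.7", "DROP")]}
# FIXED repeats the block in FORWARD so routed traffic is covered too.
FIXED = {"INPUT": [("203.0.113.7", "DROP")],
         "FORWARD": [("203.0.113.7", "DROP")]}

forwarded = Packet(src="203.0.113.7", to_local=False, from_local=False)

if __name__ == "__main__":
    for model, rules in (("ipchains", MIGRATED), ("iptables", MIGRATED),
                         ("iptables", FIXED)):
        print(model, chains(model, forwarded), verdict(model, rules, forwarded))
```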
The other main difference is that -i refers to the input interface; -o refers to the output interface, and both are available for packets entering the FORWARD chain.
The various forms of NAT have been separated out; iptables is a pure packet filter when using the default `filter' table, with optional extension modules. This should clear up much of the confusion previously seen over the combination of IP masquerading and packet filtering. So the following options are handled differently:
-j MASQ
-M -S
-M -L
There are several other changes in iptables.