Ubuntu - IPTables - About IP Tables
iptables diagram
A diagram showing the order of iptables traversal.
netfilter hooks

                       +----------->  local process  ------------+
                       |                                         |
                       |                                         v
            +----------+----------+                +-------------+----------+
  MANGLE    |                     |                |                        |  RAW
  FILTER    |        input        |                |         output         |  conntrack
  SECURITY  |                     |                |                        |  MANGLE
  SNAT      +----------+----------+                +-------------+----------+  DNAT
                       ^                                         |            routing
                       | (local)                                 |            FILTER
                       |                                         |            SECURITY
  +-------------+   +--+-----+   +---------------------+         |   +--------------+
  |             |   |        |   |                     |         +-->|              |
->| pre routing +-->| route  +-->|       forward       +------------>| post routing +---->
  |             |   | lookup |   |                     |             |              |
  +-------------+   +--------+   +---------------------+             +--------------+
    RAW                            MANGLE                              MANGLE
    conntrack                      FILTER                              SNAT
    MANGLE                         SECURITY
    DNAT
    routing
NOTE:
- The five boxes are really the netfilter hooks (PREROUTING, INPUT, FORWARD, OUTPUT, POSTROUTING). iptables is a front end that attaches its tables and chains to those hooks; the labels beside each box show which tables are consulted at that hook, top to bottom in the order they run.
The flow:
- Incoming packets destined for the local system: PREROUTING → routing decision → INPUT → local process.
- Incoming packets destined for another host (forwarded): PREROUTING → routing decision → FORWARD → POSTROUTING.
- Locally generated packets: local process → OUTPUT → POSTROUTING. A routing decision is made before the OUTPUT hook, which is why "routing" appears in the output column; a DNAT in the nat OUTPUT chain causes the packet to be re-routed.
Different Tables
- mangle: used to modify or mark packets (TTL, TOS/DSCP, MARK). A MARK is stored in the sk_buff that carries the packet inside the kernel, not in the packet itself, so it never appears on the wire; later tables, the routing policy (ip rule fwmark) and tc can match on it.
- filter: does not modify traffic. The table where ACCEPT/DROP/REJECT firewalling rules live (INPUT, FORWARD, OUTPUT chains).
- nat: address and port translation. DNAT/REDIRECT run in PREROUTING and OUTPUT (before the routing decision), SNAT/MASQUERADE run in POSTROUTING (after it). The nat table is consulted only for the first packet of a connection; conntrack then applies the same mapping to the rest, so nat depends on conntrack and cannot translate untracked traffic.
- raw: runs before conntrack in PREROUTING and OUTPUT. Mainly used to exempt traffic from connection tracking (CT --notrack); such packets have ctstate UNTRACKED rather than NEW.
- security: mandatory access control networking rules (SELinux SECMARK/CONNSECMARK), traversed after filter.
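The following script is an added example and not part of the original page: it writes one iptables-restore file with a rule in every table of the diagram, so the traversal order from "The flow" and the role of each table from "Different Tables" can be read off a single ruleset. The environment is hypothetical (WAN on eth0, LAN on eth1 with 192.168.10.0/24, the router itself at 192.168.10.1 running a resolver, a web server at 192.168.10.20); the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not from the original page): a small router ruleset in
# iptables-restore format that puts a rule in every table of the diagram.
# Hypothetical environment: WAN on eth0, LAN on eth1 (192.168.10.0/24),
# router LAN address 192.168.10.1 with a resolver, web server 192.168.10.20.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.10.0/24}"
LAN_IP="${LAN_IP:-192.168.10.1}"
WEB_SRV="${WEB_SRV:-192.168.10.20}"

# Print the ruleset. Tables are listed in the order an incoming packet
# meets them in PREROUTING: raw, mangle, nat, and then filter.
build_ruleset() {
    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# raw runs before conntrack in PREROUTING and OUTPUT: exempt LAN DNS
# queries to the router's own resolver, and the replies, from tracking.
-A PREROUTING -i $LAN_IF -d $LAN_IP -p udp --dport 53 -j CT --notrack
-A OUTPUT -o $LAN_IF -s $LAN_IP -p udp --sport 53 -j CT --notrack
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# The mark lives on the sk_buff, not in the packet: filter INPUT below
# matches it on this host, the wire never carries it.
-A PREROUTING -i $LAN_IF -p tcp --dport 22 -j MARK --set-mark 0x1
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# DNAT sits in PREROUTING, before the routing decision, so the rewritten
# destination drives the route lookup and the packet lands in FORWARD.
-A PREROUTING -i $WAN_IF -p tcp --dport 80 -j DNAT --to-destination $WEB_SRV:80
# MASQUERADE sits in POSTROUTING, after the outgoing interface is known.
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Untracked packets are UNTRACKED, never NEW: the raw exemption above
# means they have to be allowed explicitly here.
-A INPUT -i $LAN_IF -d $LAN_IP -p udp --dport 53 -m conntrack --ctstate UNTRACKED -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport 22 -m mark --mark 0x1 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# filter FORWARD sees the post-DNAT destination, so match on the server.
-A FORWARD -i $WAN_IF -o $LAN_IF -d $WEB_SRV -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
COMMIT
EOF
}

# Table names in the order the file declares them (sanity check that the
# file mirrors the PREROUTING traversal order: raw mangle nat filter).
table_order() {
    build_ruleset | sed -n 's/^\*//p' | paste -sd ' ' -
}

# Parse-check first, then load. iptables-restore replaces the whole
# ruleset in one commit, so a half-applied firewall is never visible.
apply_ruleset() {
    build_ruleset | iptables-restore --test || return 1
    build_ruleset | iptables-restore || return 1
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
}

# Only touch the kernel when asked explicitly:  sudo sh router-rules.sh apply
if [ "${1:-}" = "apply" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "apply needs root" >&2; exit 1; }
    apply_ruleset
fi
```

Without the `apply` argument the script only generates the file, so `sh router-rules.sh` prints nothing and `build_ruleset` can be inspected or diffed against `iptables-save` output before anything is loaded. The DNS exemption is deliberately limited to traffic for the router itself: NOTRACKed packets cannot be NATed, so exempting LAN-to-WAN traffic would silently break the MASQUERADE rule.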
ubuntu/iptables/about_ip_tables.1748860322.txt.gz · Last modified: 2025/06/02 10:32 by peter