Tuesday, November 30, 2010

Building a secure network with an iptables firewall

Security has always been an unavoidable topic for any network.

As soon as a host is on a network there is a security problem: it faces the risk of attack. Since Linux 2.4 the kernel has shipped the iptables/netfilter infrastructure, which implements a packet-filtering firewall and to a large extent replaces the commonly used functions of a hardware firewall, so that a secure network environment can be built on an ordinary host. "Packet filtering" means matching each packet on its "tuple": source IP, destination IP, source port, destination port and protocol (IP, TCP, UDP, ICMP and so on). An ordinary network firewall passes the data that matches its rules and in that way protects the internal network.

I. iptables and netfilter

Two concepts need to be clear first:

1. The Linux firewall lives in the Linux kernel. It is not a system service; the kernel implements it through the netfilter framework.
2. iptables is only the management tool for netfilter. Firewall policy is put into effect by managing rules through iptables.

II. The "three tables" and "five chains" of iptables

1. The three tables: filter, nat and mangle.
2. The five chains: PREROUTING, FORWARD, POSTROUTING, INPUT and OUTPUT.

The framework diagram is as follows:

    ---> PREROUTING ---> [ROUTING] ---> FORWARD ---> POSTROUTING --->
           mangle           |           mangle         mangle   ^
           nat              |           filter         nat      |
                            v                                   |
                          INPUT                              OUTPUT
                          mangle                             mangle
                          filter                             nat
                            |                                filter
                            v                                   ^
                          Local --------------------------------+

Here filter, nat and mangle are rule tables and the other five are rule chains. Rules are contained in chains, and chains are contained in tables. nat is used for address translation, filter for packet filtering (most of what is discussed here), and mangle for policy routing and traffic shaping (a small taste of QoS). The chains assigned to each table are:

* filter: INPUT, FORWARD, OUTPUT
* nat: PREROUTING, POSTROUTING, OUTPUT
* mangle: PREROUTING, POSTROUTING, OUTPUT, INPUT, FORWARD
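As an added example (not part of the original post), the script below builds a small host-plus-gateway policy that touches each of the three tables and four of the five chains described above: default-deny on filter/INPUT and filter/FORWARD with state tracking, masquerading in nat/POSTROUTING for the routed path, and a packet mark in mangle/PREROUTING. The interface names, subnet and admin address are assumed placeholders; the IPT variable lets you print the commands instead of applying them, so the policy can be reviewed without root.

```shell
#!/bin/sh
# Added example, not the original author's code. All interface names and
# addresses below are assumed placeholders; adjust them before applying.
# Usage: "sh firewall.sh show" prints the rules; "sh firewall.sh apply" (as
# root) loads them.
IPT="${IPT:-iptables}"                    # set IPT="echo iptables" for a dry run
WAN_IF="${WAN_IF:-eth1}"                  # assumed Internet-facing interface
LAN_IF="${LAN_IF:-eth0}"                  # assumed internal interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"      # constructed internal subnet
ADMIN_HOST="${ADMIN_HOST:-192.168.1.10}"  # constructed admin workstation

# filter table: flush, then default-deny on INPUT and FORWARD. Anything not
# explicitly accepted below is discarded by the chain policy.
reset_filter_table() {
    $IPT -t filter -F
    $IPT -t filter -X
    $IPT -t filter -P INPUT DROP
    $IPT -t filter -P FORWARD DROP
    $IPT -t filter -P OUTPUT ACCEPT
}

# filter/INPUT: packets the routing decision delivers to this host.
host_input_rules() {
    $IPT -t filter -A INPUT -i lo -j ACCEPT
    # Replies to flows this host opened are matched on conntrack state, so
    # only packets belonging to a known 5-tuple get in this way.
    $IPT -t filter -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -t filter -A INPUT -m conntrack --ctstate INVALID -j DROP
    # Management only from one internal address; web from anywhere.
    $IPT -t filter -A INPUT -i "$LAN_IF" -s "$ADMIN_HOST" -p tcp --dport 22 -j ACCEPT
    $IPT -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
    $IPT -t filter -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    # Log (rate-limited) what the DROP policy is about to discard.
    $IPT -t filter -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-INPUT-DROP: "
}

# filter/FORWARD plus nat/POSTROUTING: the routed path of the diagram.
gateway_rules() {
    $IPT -t nat -F
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
    $IPT -t filter -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -t filter -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# mangle/PREROUTING: mark interactive SSH so a tc class can prioritise it
# (the "taste of QoS" the post mentions).
mangle_rules() {
    $IPT -t mangle -F
    $IPT -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark 1
}

apply_policy() {
    reset_filter_table
    host_input_rules
    gateway_rules
    mangle_rules
}

case "${1:-}" in
    apply) apply_policy ;;
    show)  IPT="echo iptables"; apply_policy ;;
esac
```

Order matters inside a chain: the ESTABLISHED,RELATED rule sits before the port-specific ones so return traffic is accepted with one match, and the LOG rule is last so it only sees what the DROP policy would discard anyway.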
