| Tables | Chains |
|---|---|
| FILTER | |
| NAT | PREROUTING, OUTPUT, POSTROUTING |
| MANGLE (modify ip headers) | PREROUTING, POSTROUTING, OUTPUT, INPUT, FORWARD |
| RAW (connection tracking) | |
| SECURITY | |

Targets
- REJECT
- DROP
- ACCEPT
- RETURN
- MASQUERADE

Basics
iptables
-A (append - add rule at end)
-C (check)
-D (delete - remove rule)
-F (flush - remove all rules)
-I (insert - add at position)
-L (list - show all rules in chain)
-N (new chain)
-X (delete chain)
-i (input interface)
-o (output interface)
-s (source address)
-d (destination address)
-j (target)
-t (table to manipulate; default: filter)
-n (numeric output of addresses and ports)
View state
iptables -L
raspi wifi to ethernet
- rc.local
- iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
- iptables --append FORWARD --in-interface eth0 -j ACCEPT
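
The two rules above only pass return traffic if the FORWARD policy is ACCEPT. The following is an added example, not part of the original notes: it prints the same gateway as an iptables-restore ruleset with a default-drop FORWARD chain and a connection-tracking rule for replies. The function name `gateway_ruleset` and the `print` argument are hypothetical; the interface defaults are the ones used above.

```shell
#!/bin/sh
# Added example (not from the original notes): emit an iptables-restore
# ruleset for the eth0 -> wlan0 gateway, with FORWARD closed by default.
# Kernel forwarding must also be on: sysctl -w net.ipv4.ip_forward=1

gateway_ruleset() {
    lan_if="${1:-eth0}"     # inside interface (clients)
    wan_if="${2:-wlan0}"    # outside interface (uplink)

    # Accept only plain interface names so nothing else reaches the ruleset.
    for ifname in "$lan_if" "$wan_if"; do
        case "$ifname" in
            ''|*[!A-Za-z0-9_.-]*)
                echo "invalid interface name: $ifname" >&2
                return 1 ;;
        esac
    done

    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset when called as: sh gateway.sh print [lan_if] [wan_if]
if [ "${1:-}" = "print" ]; then
    gateway_ruleset "${2:-}" "${3:-}"
fi
```

Pipe the output to `iptables-restore --test` to validate it before loading; without `--noflush`, iptables-restore replaces the current contents of the nat and filter tables.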