
Netfilter and IPTable and conntrack


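| Tables↓/Chains→ | PREROUTING | INPUT | FORWARD | OUTPUT | POSTROUTING |
|---|---|---|---|---|---|
| (routing decision) | | | | ✓ | |
| raw | ✓ | | | ✓ | |
| (connection tracking enabled) | ✓ | | | ✓ | |
| mangle | ✓ | ✓ | ✓ | ✓ | ✓ |
| nat (DNAT) | ✓ | | | ✓ | |
| (routing decision) | ✓ | | | ✓ | |
| filter | | ✓ | ✓ | ✓ | |
| security | | ✓ | ✓ | ✓ | |
| nat (SNAT) | | ✓ | | | ✓ |
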
  • Incoming packets destined for the local system: PREROUTING -> INPUT
  • Incoming packets destined to another host: PREROUTING -> FORWARD -> POSTROUTING
  • Locally generated packets: OUTPUT -> POSTROUTING
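
The table order and the three packet paths above can be combined to list a ruleset's rules in the order a packet reaches them. The following is an added example, not code from the original page: the path names, the sample ruleset and the function names are assumptions, and the per-chain table order is the standard netfilter one. It only considers built-in chains and does not follow jumps into user-defined chains.

```python
# Tables hooked on each chain, in evaluation order (nat = DNAT or SNAT stage).
CHAIN_TABLES = {
    "PREROUTING": ["raw", "mangle", "nat"],
    "INPUT": ["mangle", "filter", "security", "nat"],
    "FORWARD": ["mangle", "filter", "security"],
    "OUTPUT": ["raw", "mangle", "nat", "filter", "security"],
    "POSTROUTING": ["mangle", "nat"],
}
# The three packet paths from the list above (path names are hypothetical).
PATHS = {
    "local-in": ["PREROUTING", "INPUT"],
    "forward": ["PREROUTING", "FORWARD", "POSTROUTING"],
    "local-out": ["OUTPUT", "POSTROUTING"],
}
# Constructed iptables-save style ruleset; addresses and ports are made up.
SAMPLE = """\
*filter
-A FORWARD -d 10.0.0.5/32 -p tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
*nat
-A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.0.0.5:8080
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*raw
-A PREROUTING -p udp --dport 53 -j CT --notrack
COMMIT
"""

def parse_save(text):
    """Group '-A' rules from iptables-save output by (table, chain)."""
    rules, table = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):          # '*filter' opens a table section
            table = line[1:]
        elif line.startswith("-A ") and table:
            rules.setdefault((table, line.split()[1]), []).append(line)
    return rules

def evaluation_order(text, path):
    """Return (chain, table, rule) in the order a packet on `path` reaches them."""
    rules = parse_save(text)
    return [(chain, table, rule)
            for chain in PATHS[path]
            for table in CHAIN_TABLES[chain]
            for rule in rules.get((table, chain), [])]

if __name__ == "__main__":
    for hop in evaluation_order(SAMPLE, "forward"):
        print(*hop, sep=" | ")
```

On the forward path the DNAT rule in nat/PREROUTING comes before filter/FORWARD, which is why the filter rule in the sample matches the translated address and port rather than the original ones.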

Connection Tracking

https://arthurchiao.art/blog/conntrack-design-and-implementation/

Ref.

https://www.digitalocean.com/community/tutorials/a-deep-dive-into-iptables-and-netfilter-architecture


Author: Mark Zhu
Old Developer