
Netfilter and IPTable and conntrack


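| Tables↓/Chains→ | PREROUTING | INPUT | FORWARD | OUTPUT | POSTROUTING |
|---|---|---|---|---|---|
| (routing decision) | | | | ✓ | |
| raw | ✓ | | | ✓ | |
| (connection tracking enabled) | ✓ | | | ✓ | |
| mangle | ✓ | ✓ | ✓ | ✓ | ✓ |
| nat (DNAT) | ✓ | | | ✓ | |
| (routing decision) | ✓ | | | ✓ | |
| filter | | ✓ | ✓ | ✓ | |
| security | | ✓ | ✓ | ✓ | |
| nat (SNAT) | | ✓ | | | ✓ |
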
  • Incoming packets destined for the local system: PREROUTING -> INPUT
  • Incoming packets destined to another host: PREROUTING -> FORWARD -> POSTROUTING
  • Locally generated packets: OUTPUT -> POSTROUTING
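
An added example (not code from the original page): a small Python helper that takes `iptables-save` output and lists the rules in the order a packet on one of the three paths above reaches them, using the table order from the table above. The sample ruleset, its addresses and the path names `local-in`, `forward` and `local-out` are constructed for illustration; jumps into user-defined chains are not followed.

```python
# Table order per chain, read top to bottom from the table above.
ORDER = {
    "PREROUTING": ["raw", "mangle", "nat"],
    "INPUT": ["mangle", "filter", "security", "nat"],
    "FORWARD": ["mangle", "filter", "security"],
    "OUTPUT": ["raw", "mangle", "nat", "filter", "security"],
    "POSTROUTING": ["mangle", "nat"],
}
# Chain sequences for the three packet paths listed above (names are assumptions).
PATHS = {
    "local-in": ["PREROUTING", "INPUT"],
    "forward": ["PREROUTING", "FORWARD", "POSTROUTING"],
    "local-out": ["OUTPUT", "POSTROUTING"],
}

def parse_save(text):
    """Return {(table, chain): [rule, ...]} from iptables-save output."""
    rules, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):            # "*filter" opens a table section
            table = line[1:]
        elif line.startswith("-A ") and table:
            _, chain, *rest = line.split(None, 2)
            rules.setdefault((table, chain), []).append(rest[0] if rest else "")
    return rules

def evaluation_order(text, path):
    """List (chain, table, rule) in the order a packet on `path` meets them.
    Simplification: jumps into user-defined chains are not followed."""
    rules = parse_save(text)
    return [(chain, table, rule)
            for chain in PATHS[path]
            for table in ORDER[chain]
            for rule in rules.get((table, chain), [])]

# Constructed sample ruleset; file order differs from evaluation order.
SAMPLE = """\
*filter
:FORWARD DROP [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
-A FORWARD -d 10.0.0.5/32 -p tcp --dport 80 -j ACCEPT
COMMIT
*nat
-A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination 10.0.0.5:80
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""
print(*evaluation_order(SAMPLE, "forward"), sep="\n")
```

On the forward path the DNAT rule in nat/PREROUTING is evaluated before filter/FORWARD, so the FORWARD rule has to match the translated destination rather than the original one.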

Connection Tracking

https://arthurchiao.art/blog/conntrack-design-and-implementation/

Ref.

https://www.digitalocean.com/community/tutorials/a-deep-dive-into-iptables-and-netfilter-architecture


Author: Mark Zhu
Old Developer