linux 防火墙——iptables（Linux Firewall - iptables）.doc

linux 防火墙——iptables（Linux Firewall - iptables） Linux Firewall - Iptables 1 firewall classification: A, hardware firewall and software firewall Hardware firewall, Cisco, PIX, ASA, juniper, NetScreen abroad ? domestic Lenovo, Topsec etc. B, software firewall: iptables under Microsoft, ISA and Linux Configuring firewall with iptables can achieve the same function as hardware firewall, and it is an ideal choice for small enterprises to use iptables. Firewall is an essential defense mechanism for Linux systems connected to the network. It allows only legitimate network traffic to flow into and out of the system, and prohibits any other network traffic. To determine whether network traffic is legal, the firewall relies on a set of rules that it contains, predefined by the network or system administrator. These rules tell the firewall whether a traffic is legal and what to do about the network traffic from a source, to a destination, or with some protocol type. 2, what is iptables? Iptables is a firewall based on packet filtering. Packet filtering: network traffic consists of IP packets flowing from the source system to some small bits of data in the destination system. These packets contain Baotou, which is the number of data bits attached to the front of each package. They contain information about the source, destination address, and protocol type of the packet. The firewall checks the header of the IP packet based on a set of rules to determine which package to accept or which package to reject. This process is called packet filtering. Iptables requires more than 2.4 version of kernel support. Iptables is just a tool for managing kernel packet filtering that allows you to add, modify, or delete rules in the core packet filter table (chain). In fact, the actual implementation of these filtering rules is the Netfilter (a generic architecture in the Linux kernel) and its associated modules (such as the iptables module and the NAT module). The IP packet filtering system co