Cover image for Linux iptables Pocket Reference

Book description

Firewalls, Network Address Translation (NAT), network logging and accounting are all provided by Linux's Netfilter system, also known by the name of the command used to administer it, iptables. The iptables interface is the most sophisticated ever offered on Linux and makes Linux an extremely flexible system for any kind of network filtering you might do. Large sets of filtering rules can be grouped in ways that make it easy to test them and turn them on and off. Do you watch for all types of ICMP traffic--some of them quite dangerous? Can you take advantage of stateful filtering to simplify the management of TCP connections? Would you like to track how much traffic of various types you get? This pocket reference will help you at those critical moments when someone asks you to open or close a port in a hurry, either to enable some important traffic or to block an attack. The book will keep the subtle syntax straight and help you remember all the values you have to enter in order to be as secure as possible. The book has an introductory section that describes applications, followed by a reference/encyclopaedic section with all the matches and targets arranged alphabetically.
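
The three things the description asks about, stateful filtering, selective ICMP handling and accounting, as an added shell example that is not taken from the book: a small default-deny IPv4 ruleset in iptables-restore format, generated by a function so it can be inspected or syntax-checked without touching the running kernel. The management subnet, SSH port and web ports are assumptions; the ruleset uses the conntrack match, which supersedes the older state match the book also documents (the two are equivalent here: `-m state --state` for `-m conntrack --ctstate`).

```shell
#!/bin/sh
# Added example, not the book's own code: a stateful IPv4 INPUT policy
# for iptables-restore. Subnet and ports below are assumptions.
MGMT_NET="${MGMT_NET:-192.0.2.0/24}"   # assumed admin subnet (RFC 5737 documentation range)
SSH_PORT="${SSH_PORT:-22}"
WEB_PORTS="${WEB_PORTS:-80,443}"

# Emit the ruleset. Lines starting with '#' are ignored by iptables-restore.
gen_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:ACCT_IN - [0:0]
:ICMP_IN - [0:0]
# Accounting: every inbound packet passes this chain first, so the per-rule
# packet/byte counters ("iptables -L ACCT_IN -v -n -x", or "iptables-save -c")
# count traffic per class regardless of whether it is later accepted.
-A INPUT -j ACCT_IN
-A ACCT_IN -p tcp -m multiport --dports $WEB_PORTS -j RETURN
-A ACCT_IN -p tcp --dport $SSH_PORT -j RETURN
-A ACCT_IN -p icmp -j RETURN
-A ACCT_IN -j RETURN
# Loopback is always accepted.
-A INPUT -i lo -j ACCEPT
# Stateful core: return traffic for connections we opened, and ICMP errors
# that belong to a tracked connection (RELATED: fragmentation-needed,
# time-exceeded, ...), are accepted by conntrack state alone. Packets that
# match no connection or carry bad TCP flags are INVALID and dropped here,
# before any port-specific rule can see them.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Unsolicited ICMP: only rate-limited echo requests survive. Redirects,
# timestamp requests and stray unreachables are dropped, since errors for
# real connections were already accepted as RELATED above.
-A INPUT -p icmp -j ICMP_IN
-A ICMP_IN -p icmp --icmp-type echo-request -m limit --limit 5/second --limit-burst 10 -j ACCEPT
-A ICMP_IN -j DROP
# New connections: NEW state only, and only to the listed services.
-A INPUT -p tcp -m conntrack --ctstate NEW -m multiport --dports $WEB_PORTS -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW -s $MGMT_NET --dport $SSH_PORT -j ACCEPT
# Log what falls through, rate-limited so a flood cannot fill the log.
-A INPUT -m limit --limit 3/minute --limit-burst 5 -j LOG --log-prefix "iptables-drop: " --log-level 4
COMMIT
EOF
}

# iptables-restore -t parses and builds the ruleset without committing it;
# without -t it replaces the whole filter table in one transaction, so there
# is no window with a half-loaded policy. Both need root.
check_rules() { gen_rules | iptables-restore -t; }
apply_rules() { gen_rules | iptables-restore; }

# Root-free sanity check: default policy is DROP and the stateful accept
# comes before the first rule that admits NEW connections.
rules_are_stateful() {
    out="$(gen_rules)"
    printf '%s\n' "$out" | grep -q '^:INPUT DROP' || return 1
    est=$(printf '%s\n' "$out" | grep -n -- '--ctstate ESTABLISHED,RELATED -j ACCEPT' | head -1 | cut -d: -f1)
    new=$(printf '%s\n' "$out" | grep -n -- '--ctstate NEW' | head -1 | cut -d: -f1)
    [ -n "$est" ] && [ -n "$new" ] && [ "$est" -lt "$new" ]
}

case "${1:-}" in
  print) gen_rules ;;
  check) check_rules ;;
  apply) apply_rules ;;
esac
```

Run it as `sh fw.sh print` to review the ruleset, `sh fw.sh check` to have iptables-restore parse it without committing, and `sh fw.sh apply` to load it. The ordering is the point: accounting sees everything, the conntrack rules decide most packets before any port is consulted, and the ICMP chain only ever sees unsolicited messages.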

Table of Contents

  1. Linux iptables Pocket Reference
    1. SPECIAL OFFER: Upgrade this ebook with O’Reilly
    2. 1. Linux iptables Pocket Reference
      1. Introduction
        1. An Example Command
        2. Concepts
          1. Tables
          2. Chains
          3. Packet flow
          4. Rules
          5. Matches
          6. Targets
        3. Applications
        4. Configuring iptables
          1. Persistent rules
          2. Other configuration files
          3. Compiling your own kernel
        5. Connection Tracking
        6. Accounting
        7. Network Address Translation (NAT)
        8. Source NAT and Masquerading
        9. Destination NAT
        10. Transparent Proxying
        11. Load Distribution and Balancing
        12. Stateless and Stateful Firewalls
        13. Tools of the Trade
      2. iptables Command Reference
        1. Getting help
        2. The iptables Subcommands
        3. iptables Matches and Targets
          1. Internet Protocol (IPv4) matches
          2. ACCEPT target
          3. ah match
          4. connmark Match
          5. CONNMARK target
          6. conntrack match
          7. DNAT target
          8. DROP target
          9. dscp match
          10. DSCP target
          11. ecn match
          12. ECN target
          13. esp match
          14. FTOS target
          15. helper match
          16. icmp match
          17. ip (Internet Protocol IPv4) matches
          18. iplimit match
          19. ipv4options match
          20. IPV4OPTSSTRIP target
          21. length match
          22. limit match
          23. LOG target
          24. mac match
          25. mark match
          26. MARK target
          27. MASQUERADE target
          28. multiport match
          29. NETLINK target
          30. NETMAP target
          31. nth match
          32. owner match
          33. pkttype match
          34. pool match
          35. POOL target
          36. psd (Port Scan Detector) match
          37. QUEUE target
          38. quota match
          39. random match
          40. realm match
          41. recent match
          42. record-rpc match
          43. REDIRECT target
          44. REJECT target
          45. RETURN target
          46. ROUTE target
          47. SAME target
          48. SNAT target
          49. state match
          50. string match
          51. tcp match
          52. tcpmss match
          53. TCPMSS target
          54. time match
          55. tos match
          56. TOS target
          57. ttl match
          58. TTL target
          59. udp match
          60. ULOG target
          61. unclean match
      3. Utility Command Reference
        1. iptables-restore
        2. iptables-save
    3. Index
    4. About the Author