Linux iptables Pocket Reference

Book description

Firewalls, Network Address Translation (NAT), network logging and accounting are all provided by Linux's Netfilter system, also known by the name of the command used to administer it, iptables. The iptables interface is the most sophisticated ever offered onLinux and makes Linux an extremely flexible system for any kind of network filtering you might do. Large sets of filtering rules can be grouped in ways that makes it easy to test them and turn them on and off.Do you watch for all types of ICMP traffic--some of them quite dangerous? Can you take advantage of stateful filtering to simplify the management of TCP connections? Would you like to track how much traffic of various types you get?This pocket reference will help you at those critical moments when someone asks you to open or close a port in a hurry, either to enable some important traffic or to block an attack. The book will keep the subtle syntax straight and help you remember all the values you have to enter in order to be as secure as possible. The book has an introductory section that describes applications,followed by a reference/encyclopaedic section with all the matches and targets arranged alphabetically.

Publisher resources

View/Submit Errata

Table of contents

  1. Linux iptables Pocket Reference
  2. Dedication
  3. 1. Linux iptables Pocket Reference
    1. Introduction
      1. An Example Command
      2. Concepts
        1. Tables
        2. Chains
        3. Packet flow
        4. Rules
        5. Matches
        6. Targets
      3. Applications
      4. Configuring iptables
        1. Persistent rules
        2. Other configuration files
        3. Compiling your own kernel
      5. Connection Tracking
      6. Accounting
      7. Network Address Translation (NAT)
      8. Source NAT and Masquerading
      9. Destination NAT
      10. Transparent Proxying
      11. Load Distribution and Balancing
      12. Stateless and Stateful Firewalls
      13. Tools of the Trade
    2. iptables Command Reference
      1. Getting help
      2. The iptables Subcommands
      3. iptables Matches and Targets
        1. Internet Protocol (IPv4) matches
        2. ACCEPT target
        3. ah match
        4. connmark Match
        5. CONNMARK target
        6. conntrack match
        7. DNAT target
        8. DROP target
        9. dscp match
        10. DSCP target
        11. ecn match
        12. ECN target
        13. esp match
        14. FTOS target
        15. helper match
        16. icmp match
        17. ip (Internet Protocol IPv4) matches
        18. iplimit match
        19. ipv4options match
        20. IPV4OPTSSTRIP target
        21. length match
        22. limit match
        23. LOG target
        24. mac match
        25. mark match
        26. MARK target
        27. MASQUERADE target
        28. multiport match
        29. NETLINK target
        30. NETMAP target
        31. nth match
        32. owner match
        33. pkttype match
        34. pool match
        35. POOL target
        36. psd (Port Scan Detector) match
        37. QUEUE target
        38. quota match
        39. random match
        40. realm match
        41. recent match
        42. record-rpc match
        43. REDIRECT target
        44. REJECT target
        45. RETURN target
        46. ROUTE target
        47. SAME target
        48. SNAT target
        49. state match
        50. string match
        51. tcp match
        52. tcpmss match
        53. TCPMSS target
        54. time match
        55. tos match
        56. TOS target
        57. ttl match
        58. TTL target
        59. udp match
        60. ULOG target
        61. unclean match
    3. Utility Command Reference
      1. iptables-restore
      2. iptables-save
  4. Index
  5. About the Author
  6. Copyright

Product information

  • Title: Linux iptables Pocket Reference
  • Author(s): Gregor N. Purdy
  • Release date: August 2004
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9780596005696