A firewall is used to prevent unauthorized network access to one or more machines while still allowing normal (legitimate) traffic to pass through. The iptables command is used to set up, configure, and view the tables of IPv4 packet-filtering rules in the Linux kernel. It is somewhat complicated, so this will serve as just a simple overview.
iptables uses one or more tables. Each table has a number of built-in chains and can also contain user-defined chains. A chain is a list of rules, and a rule specifies what to do with a packet that matches it; the action taken on a matching packet is called a target. When a packet does not match a rule, the next rule in the chain is looked at. If it does match, one of the following targets can be specified for the packet:
ACCEPT: It allows the packet to pass on.
DROP: It drops the packet.
QUEUE: It passes the packet on to user space.
RETURN: It stops the running of this chain and continues at the next rule in the calling chain.
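To make the chain-walking semantics above concrete, here is an added illustration (not iptables itself, and not code from the original page): a small in-memory model of tables, chains, rules and targets that can be traced on sample packets without root or a kernel. Only the match options -p, --dport and -s are modelled, the ruleset it loads is constructed for the example, and the Packet, Rule and Table names are the example's own.

```python
# Added illustration, not iptables and not from the page: an in-memory model of
# how one chain is walked.  Only -p, --dport and -s are modelled; the targets
# ACCEPT / DROP / QUEUE / RETURN and user-defined chains behave as described.
import ipaddress
import shlex
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

TERMINAL = {"ACCEPT", "DROP", "QUEUE"}  # built-in targets that end the decision

@dataclass
class Packet:
    proto: str
    dport: int
    src: str

@dataclass
class Rule:
    target: str
    proto: Optional[str] = None
    dport: Optional[int] = None
    src: Optional[ipaddress.IPv4Network] = None

    def matches(self, pkt: Packet) -> bool:
        # Every match option present in the rule must hold; absent ones match anything.
        return ((self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport)
                and (self.src is None or ipaddress.ip_address(pkt.src) in self.src))

@dataclass
class Table:
    chains: Dict[str, List[Rule]] = field(default_factory=dict)
    policies: Dict[str, str] = field(default_factory=dict)  # built-in chains only

    def load(self, commands: List[str]) -> "Table":
        """Accept iptables-style commands: -P (policy), -N (new chain), -A (append)."""
        for cmd in commands:
            argv = shlex.split(cmd)
            if argv[0] == "-P":
                self.policies[argv[1]] = argv[2]
                self.chains.setdefault(argv[1], [])
            elif argv[0] == "-N":
                self.chains.setdefault(argv[1], [])
            elif argv[0] == "-A":
                opts = dict(zip(argv[2::2], argv[3::2]))
                self.chains[argv[1]].append(Rule(
                    target=opts["-j"],
                    proto=opts.get("-p"),
                    dport=int(opts["--dport"]) if "--dport" in opts else None,
                    src=ipaddress.ip_network(opts["-s"]) if "-s" in opts else None))
        return self

    def _walk(self, chain: str, pkt: Packet, trace: List[str]) -> Optional[str]:
        """Walk one chain top to bottom; None means it ran out of rules or hit RETURN."""
        for rule in self.chains[chain]:
            if not rule.matches(pkt):
                continue  # no match: look at the next rule
            trace.append(f"{chain} -> {rule.target}")
            if rule.target in TERMINAL:
                return rule.target  # ACCEPT / DROP / QUEUE: decision made
            if rule.target == "RETURN":
                return None  # stop this chain, resume in the calling chain
            verdict = self._walk(rule.target, pkt, trace)  # jump into a user chain
            if verdict is not None:
                return verdict
            # the user chain RETURNed or ran out of rules: continue with the next rule here
        return None

    def verdict(self, chain: str, pkt: Packet) -> Tuple[str, List[str]]:
        trace: List[str] = []
        result = self._walk(chain, pkt, trace)
        if result is None:  # nothing decided: the built-in chain's policy applies
            result = self.policies[chain]
            trace.append(f"{chain} policy -> {result}")
        return result, trace

# Constructed sample ruleset: hosts in 10.0.0.0/24 are checked in a user chain
# TRUSTED, whose final RETURN hands everything else back to INPUT.
SAMPLE_RULES = [
    "-P INPUT DROP",
    "-N TRUSTED",
    "-A TRUSTED -p tcp --dport 22 -j ACCEPT",
    "-A TRUSTED -j RETURN",
    "-A INPUT -s 10.0.0.0/24 -j TRUSTED",
    "-A INPUT -p tcp --dport 80 -j ACCEPT",
    "-A INPUT -p udp --dport 53 -j QUEUE",
]

def sample_table() -> Table:
    return Table().load(SAMPLE_RULES)

if __name__ == "__main__":
    for pkt in (Packet("tcp", 22, "10.0.0.5"), Packet("tcp", 80, "10.0.0.5"),
                Packet("tcp", 443, "10.0.0.5"), Packet("udp", 53, "192.168.1.9")):
        print(pkt, *sample_table().verdict("INPUT", pkt))
```

Tracing a TCP/80 packet from 10.0.0.5 shows the RETURN behaviour from the list: INPUT jumps to TRUSTED, TRUSTED's RETURN sends evaluation back to the rule after the jump in INPUT, and that rule accepts it; a TCP/443 packet from the same host falls off the end of INPUT and gets the chain's DROP policy.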