This chapter introduced netfilter/iptables and iproute2. A very important thing for anyone building firewalls is to know how and where packets are analyzed. For that, we introduced a diagram of how packets traverse the chains of the filter, nat, and mangle tables in netfilter.
For beginners, a first look at the iptables syntax might seem a bit difficult. An iptables rule contains the table on which we make an operation (the filter table being the default), a command (append, insert, delete, list), some filtering specifications to match the packets we want, and a target (DROP, ACCEPT, REJECT, LOG) that specifies what we want to do with the packet.
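To make that anatomy concrete, here is an added example (not from the book) that splits an iptables command line into the parts named above: the table (defaulting to filter), the command and its chain, the match specifications, and the target. It assumes Python 3 and only the standard library; the rule strings are constructed sample input.

```python
import shlex

# Command flags the chapter names, in short and long form.
COMMANDS = {
    "-A": "append", "--append": "append",
    "-I": "insert", "--insert": "insert",
    "-D": "delete", "--delete": "delete",
    "-L": "list",   "--list":   "list",
}

def parse_rule(line):
    """Decompose one 'iptables ...' command line into table, command,
    chain, match specifications and target (with target options)."""
    argv = shlex.split(line)
    if not argv or argv[0] != "iptables":
        raise ValueError("expected an iptables command line")
    rule = {"table": "filter", "command": None, "chain": None,
            "position": None, "match": [], "target": None,
            "target_options": []}
    i = 1
    while i < len(argv):
        tok = argv[i]
        if tok in ("-t", "--table"):          # explicit table overrides filter
            rule["table"] = argv[i + 1]; i += 2
        elif tok in COMMANDS:
            rule["command"] = COMMANDS[tok]; i += 1
            # -L may be given without a chain (then every chain is listed)
            if i < len(argv) and not argv[i].startswith("-"):
                rule["chain"] = argv[i]; i += 1
            # -I accepts an optional rule number after the chain
            if rule["command"] == "insert" and i < len(argv) and argv[i].isdigit():
                rule["position"] = int(argv[i]); i += 1
        elif tok in ("-j", "--jump"):
            rule["target"] = argv[i + 1]
            # anything after the target belongs to it (--log-prefix, --reject-with ...)
            rule["target_options"] = argv[i + 2:]
            break
        else:                                  # everything else is a match spec
            rule["match"].append(tok); i += 1
    if rule["command"] is None:
        raise ValueError("no command (-A/-I/-D/-L) in rule")
    return rule
```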
The iproute2 package introduces two complex tools. One is ip, which can be used to set up Layer 3 communication such as IP addresses and routing. The other is tc, which stands for traffic control and is used to implement QoS.
Before digging into tc commands, we learned a bit of theory on classless and classful queuing disciplines. The best and most popular classful qdiscs...