In the process of setting up your firewall rules, you
will temporarily cut off all communications to and from the machine, so do not try this on a machine
that must stay connected to the network.
This example procedure illustrates a case where you have two Ethernet interfaces on a computer
(as is typical with a dedicated firewall). The interface defined as eth0 is connected to the Internet,
and the interface defined as eth1 is connected to a private network of computers that the firewall
is protecting. Presumably, the private computers are a bunch of desktop computers that need to go
through the firewall to browse the Internet.
472
Choosing and Installing a Linux Distribution Part III
Iptables lets you set up tables containing rules for how to handle Internet Protocol (IP) packets that
enter the computer. The filtering table is the table you use by default (-t filter) if none is specified
on the iptables command line. Other firewall tables you can configure include NAT (-t nat)
and mangle (-t mangle). Special uses of NAT and mangle tables will be explained later. It's the
filter table that's used in this example.
Rules for what to do with packets that enter and leave the firewall are defined within the context of
what are called chains. Available chains for filter tables are INPUT (packets received by the firewall),
FORWARD (packets to be routed through the firewall), and OUTPUT (packets created on the local
firewall itself).
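As an added example (not from the book), the following script generates a filter-table rule set for the two-interface layout described above, using all three filter chains: INPUT protects the firewall host, FORWARD governs traffic routed between eth1 and eth0, and OUTPUT covers packets the firewall originates. The private network address 192.168.1.0/24, the DROP default policies, and the use of the conntrack match are assumptions chosen for the example; the book does not specify them. The rules are emitted in iptables-restore format so the set can be inspected, counted, or dry-run before it is loaded, which matters on a host that would otherwise be cut off mid-edit.

```shell
#!/bin/sh
# Assumed from the text: eth0 faces the Internet, eth1 faces the private LAN.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
# Constructed example address range for the private network (not in the book).
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Print the filter table in iptables-save/iptables-restore syntax.
# Default policies are DROP for INPUT and FORWARD (nothing passes unless a
# rule allows it) and ACCEPT for OUTPUT (the firewall may talk out freely).
filter_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# INPUT: packets addressed to the firewall host itself
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
# FORWARD: packets routed between the LAN and the Internet
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate NEW -j DROP
COMMIT
EOF
}

# Number of explicit rules (-A lines) attached to a given chain.
count_chain() {
    filter_rules | grep -c "^-A $1 " || true
}

# Load the rule set atomically. Requires root and iptables; run
# "filter_rules | iptables-restore -t" first to parse without committing.
apply_rules() {
    filter_rules | iptables-restore
}

# When executed directly, just show the rule set rather than loading it.
if [ "${1:-}" = "--show" ]; then
    filter_rules
fi
```

Only the filter table appears here; the masquerading that lets private desktops share the eth0 address lives in the nat table, which the text covers later. The INPUT rule for port 22 is restricted to the LAN interface and source range, so an administrator can still reach the box from inside after the DROP policies take effect.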