From 1b72298194ca03fca55b7cc0a6bf4ad6f0e99668 Mon Sep 17 00:00:00 2001 From: teastep Date: Mon, 2 Sep 2002 19:57:07 +0000 Subject: [PATCH] Remove netfilter_overview for documentation git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@231 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- STABLE/documentation/netfilter_overview.htm | 140 -------------------- 1 file changed, 140 deletions(-) delete mode 100644 STABLE/documentation/netfilter_overview.htm diff --git a/STABLE/documentation/netfilter_overview.htm b/STABLE/documentation/netfilter_overview.htm deleted file mode 100644 index 399d36259..000000000 --- a/STABLE/documentation/netfilter_overview.htm +++ /dev/null @@ -1,140 +0,0 @@ - - - - - - - -Netfilter Overview - - - - - -

Netfilter Overview

-
-

 

-

1.0 Tables

- -

Chains of rules are organized into Tables. -Netfilter currently has three tables.

- -
    -
  1. -

    Mangle Table - This allows the contents of the packet to be -changed. Shorewall uses rules in this table to mark packets for traffic -shaping/control (/etc/shorewall/tcrules file) and for setting the Type of -Service (TOS) for the packet (/etc/shorewall/tos).

    - -
  2. -
  3. -

    NAT Table - Allows modification of the source and destination IP -and port.

    - -
  4. -
  5. -

    Filter Table - This is where most ACCEPT/DROP/REJECT decisions -are made in Shorewall.

    - -
  6. -
-

Each table has a number of pre-defined chains as shown in -the table that follows. Packets flow through the chains in the order of that -table.

- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
OrdinalTableChainShorewall UsageComments
1ManglePREROUTING -
    -
  1. RFC 1918 Destination Rejections
  2. -
  3. Marking Packets for Traffic Control
  4. -
  5. TOS
  6. -
-
 
2NATPREROUTING -
    -
  1. DNAT Rules
  2. -
  3. Static NAT DNAT mapping
  4. -
-
Only connection requests go here -- packets that are part of or - related to an established connection use information from the connection - tracking table.
3FilterINPUT<zone>2fw filtering 
3FilterFORWARD<zone>2<zone> filtering 
3FilterOUTPUTfw2<zone> filtering 
4ManglePOSTROUTINGTOS 
5NATOUTPUTDNAT rules where the source zone is fwOnly connection requests go here -- packets that are part of or - related to an established connection use information from the connection - tracking table.
5NATPOSTROUTING -
    -
  1. Masquerading (/etc/shoreawll/masq)
  2. -
  3. SNAT (/etc/shorewall/masq)
  4. -
  5. Static NAT SNAT Mapping
  6. -
-
Only connection requests go here -- packets that are part of or - related to an established connection use information from the connection - tracking table.
-
-

The connection tracking table can be displayed using the -"shorewall show connections" command.

- - - -
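
Review bot: The commit message gives no reason for the removal and names no replacement, and the diffstat (1 file changed, 140 deletions) shows that nothing else under STABLE/documentation was touched, so any page that links to netfilter_overview.htm is left pointing at a missing file. Suggest stating the reason in the message (and "from documentation" rather than "for documentation", if that was the intent) and updating or removing inbound links in the same commit. The deleted table is also where each Netfilter chain is mapped to its Shorewall usage and where the traversal order is given, including the note that only connection requests traverse the NAT chains. If that material is being carried over to another page, correct the "/etc/shoreawll/masq" path in the Masquerading entry when doing so.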