Remove netfilter_overview for documentation

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@231 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2002-09-02 19:57:07 +00:00
parent 13892d9f46
commit 1b72298194

@ -1,140 +0,0 @@
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Netfilter Overview</title>
<meta name="Microsoft Theme" content="boldstri 011, default">
</head>
<body>
<h1 align="center">Netfilter Overview</h1>
<div align="left">
<p align="left">&nbsp;</div>
<h2 align="left">1.0 Tables</h2>
<p align="left"><i>Chains</i> of <i>rules </i>are organized into <i>Tables.</i>
Netfilter currently has three tables.</p>
<ol>
<li>
<p align="left">Mangle Table - This allows the contents of the packet to be
changed. Shorewall uses rules in this table to mark packets for traffic
shaping/control (/etc/shorewall/tcrules file) and for setting the Type of
Service (TOS) for the packet (/etc/shorewall/tos).</p>
</li>
<li>
<p align="left">NAT Table - Allows modification of the source and destination IP
and port.</p>
</li>
<li>
<p align="left">Filter Table - This is where most ACCEPT/DROP/REJECT decisions
are made in Shorewall.</p>
</li>
</ol>
<p align="left">Each table has a number of <i>pre-defined chains</i> as shown in
the table that follows. Packets flow through the chains in the order of that
table.</p>
<blockquote>
<table border="1" style="border-collapse: collapse" cellpadding="2" id="AutoNumber10" width="895">
<tr>
<td width="50"><u><b>Ordinal</b></u></td>
<td width="51"><u><b>Table</b></u></td>
<td width="112"><u><b>Chain</b></u></td>
<td width="346"><u><b>Shorewall Usage</b></u></td>
<td width="310"><u><b>Comments</b></u></td>
</tr>
<tr>
<td width="50">1</td>
<td width="51">Mangle</td>
<td width="112">PREROUTING</td>
<td width="346">
<ol>
<li>RFC 1918 Destination Rejections</li>
<li>Marking Packets for Traffic Control</li>
<li>TOS</li>
</ol>
</td>
<td width="310">&nbsp;</td>
</tr>
<tr>
<td width="50">2</td>
<td width="51">NAT</td>
<td width="112">PREROUTING</td>
<td width="346">
<ol>
<li>DNAT Rules</li>
<li>Static NAT DNAT mapping</li>
</ol>
</td>
<td width="310">Only connection requests go here -- packets that are part of or
related to an established connection use information from the connection
tracking table.</td>
</tr>
<tr>
<td width="50">3</td>
<td width="51">Filter</td>
<td width="112">INPUT</td>
<td width="346"><i>&lt;zone&gt;</i>2<b>fw</b> filtering</td>
<td width="310">&nbsp;</td>
</tr>
<tr>
<td width="50">3</td>
<td width="51">Filter</td>
<td width="112">FORWARD</td>
<td width="346"><i>&lt;zone&gt;</i>2<i>&lt;zone&gt;</i> filtering</td>
<td width="310">&nbsp;</td>
</tr>
<tr>
<td width="50">3</td>
<td width="51">Filter</td>
<td width="112">OUTPUT</td>
<td width="346"><b>fw</b>2<i>&lt;zone&gt;</i> filtering</td>
<td width="310">&nbsp;</td>
</tr>
<tr>
<td width="50">4</td>
<td width="51">Mangle</td>
<td width="112">POSTROUTING</td>
<td width="346">TOS</td>
<td width="310">&nbsp;</td>
</tr>
<tr>
<td width="50">5</td>
<td width="51">NAT</td>
<td width="112">OUTPUT</td>
<td width="346">DNAT rules where the source zone is <b>fw</b></td>
<td width="310">Only connection requests go here -- packets that are part of or
related to an established connection use information from the connection
tracking table.</td>
</tr>
<tr>
<td width="50">5</td>
<td width="51">NAT</td>
<td width="112">POSTROUTING</td>
<td width="346">
<ol>
<li>Masquerading (/etc/shoreawll/masq)</li>
<li>SNAT (/etc/shorewall/masq)</li>
<li>Static NAT SNAT Mapping</li>
</ol>
</td>
<td width="310">Only connection requests go here -- packets that are part of or
related to an established connection use information from the connection
tracking table.</td>
</tr>
</table>
</blockquote>
<p align="left">The connection tracking table can be displayed using the
&quot;shorewall show connections&quot; command.</p>
</body>
</html>
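Review bot: the commit message does not say why the page is dropped or where its content now lives, and the hunk deletes the whole file (all 140 lines), including the chain-ordering table and the comment that the NAT chains see only connection requests. If the material is being moved into another document, say so in the message and check that nothing still links to netfilter_overview. If it is carried over, fix the path typo "/etc/shoreawll/masq" in the NAT POSTROUTING row and revisit the ordinals: NAT OUTPUT is listed at 5, after Mangle POSTROUTING at 4, although locally generated packets pass the OUTPUT chains before POSTROUTING.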