mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-23 06:38:53 +01:00
Remove netfilter_overview for documentation
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@231 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
13892d9f46
commit
1b72298194
@ -1,140 +0,0 @@
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<meta http-equiv="Content-Language" content="en-us">
|
||||
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
|
||||
<meta name="ProgId" content="FrontPage.Editor.Document">
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
|
||||
<title>Netfilter Overview</title>
|
||||
<meta name="Microsoft Theme" content="boldstri 011, default">
|
||||
</head>
|
||||
|
||||
<body>
|
||||
|
||||
<h1 align="center">Netfilter Overview</h1>
|
||||
<div align="left">
|
||||
<p align="left"> </div>
|
||||
<h2 align="left">1.0 Tables</h2>
|
||||
|
||||
<p align="left"><i>Chains</i> of <i>rules </i>are organized into <i>Tables.</i>
|
||||
Netfilter currently has three tables.</p>
|
||||
|
||||
<ol>
|
||||
<li>
|
||||
<p align="left">Mangle Table - This allows the contents of the packet to be
|
||||
changed. Shorewall uses rules in this table to mark packets for traffic
|
||||
shaping/control (/etc/shorewall/tcrules file) and for setting the Type of
|
||||
Service (TOS) for the packet (/etc/shorewall/tos).</p>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<p align="left">NAT Table - Allows modification of the source and destination IP
|
||||
and port.</p>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<p align="left">Filter Table - This is where most ACCEPT/DROP/REJECT decisions
|
||||
are made in Shorewall.</p>
|
||||
|
||||
</li>
|
||||
</ol>
|
||||
<p align="left">Each table has a number of <i>pre-defined chains</i> as shown in
|
||||
the table that follows. Packets flow through the chains in the order of that
|
||||
table.</p>
|
||||
|
||||
<blockquote>
|
||||
<table border="1" style="border-collapse: collapse" cellpadding="2" id="AutoNumber10" width="895">
|
||||
<tr>
|
||||
<td width="50"><u><b>Ordinal</b></u></td>
|
||||
<td width="51"><u><b>Table</b></u></td>
|
||||
<td width="112"><u><b>Chain</b></u></td>
|
||||
<td width="346"><u><b>Shorewall Usage</b></u></td>
|
||||
<td width="310"><u><b>Comments</b></u></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td width="50">1</td>
|
||||
<td width="51">Mangle</td>
|
||||
<td width="112">PREROUTING</td>
|
||||
<td width="346">
|
||||
<ol>
|
||||
<li>RFC 1918 Destination Rejections</li>
|
||||
<li>Marking Packets for Traffic Control</li>
|
||||
<li>TOS</li>
|
||||
</ol>
|
||||
</td>
|
||||
<td width="310"> </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td width="50">2</td>
|
||||
<td width="51">NAT</td>
|
||||
<td width="112">PREROUTING</td>
|
||||
<td width="346">
|
||||
<ol>
|
||||
<li>DNAT Rules</li>
|
||||
<li>Static NAT DNAT mapping</li>
|
||||
</ol>
|
||||
</td>
|
||||
<td width="310">Only connection requests go here -- packets that are part of or
|
||||
related to an established connection use information from the connection
|
||||
tracking table.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td width="50">3</td>
|
||||
<td width="51">Filter</td>
|
||||
<td width="112">INPUT</td>
|
||||
<td width="346"><i><zone></i>2<b>fw</b> filtering</td>
|
||||
<td width="310"> </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td width="50">3</td>
|
||||
<td width="51">Filter</td>
|
||||
<td width="112">FORWARD</td>
|
||||
<td width="346"><i><zone></i>2<i><zone></i> filtering</td>
|
||||
<td width="310"> </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td width="50">3</td>
|
||||
<td width="51">Filter</td>
|
||||
<td width="112">OUTPUT</td>
|
||||
<td width="346"><b>fw</b>2<i><zone></i> filtering</td>
|
||||
<td width="310"> </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td width="50">4</td>
|
||||
<td width="51">Mangle</td>
|
||||
<td width="112">POSTROUTING</td>
|
||||
<td width="346">TOS</td>
|
||||
<td width="310"> </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td width="50">5</td>
|
||||
<td width="51">NAT</td>
|
||||
<td width="112">OUTPUT</td>
|
||||
<td width="346">DNAT rules where the source zone is <b>fw</b></td>
|
||||
<td width="310">Only connection requests go here -- packets that are part of or
|
||||
related to an established connection use information from the connection
|
||||
tracking table.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td width="50">5</td>
|
||||
<td width="51">NAT</td>
|
||||
<td width="112">POSTROUTING</td>
|
||||
<td width="346">
|
||||
<ol>
|
||||
<li>Masquerading (/etc/shoreawll/masq)</li>
|
||||
<li>SNAT (/etc/shorewall/masq)</li>
|
||||
<li>Static NAT SNAT Mapping</li>
|
||||
</ol>
|
||||
</td>
|
||||
<td width="310">Only connection requests go here -- packets that are part of or
|
||||
related to an established connection use information from the connection
|
||||
tracking table.</td>
|
||||
</tr>
|
||||
</table>
|
||||
</blockquote>
|
||||
<p align="left">The connection tracking table can be displayed using the
|
||||
"shorewall show connections" command.</p>
|
||||
|
||||
</body>
|
||||
|
||||
</html>
|
Loading…
Reference in New Issue
Block a user