Chapter 25.
Configuring iptables
The job of the TCP/IP stack in the Linux kernel is to receive data from an application, pack it up, and send it out a network port; and to receive data from the network, unpack it, and deliver it to an application. In theory, the kernel shouldn't alter or adjust the data in any but the very specific ways the TCP/IP protocols permit. One particularly useful routing and security tool, though, violates this theoretical ideal. The iptables utility configures the Linux kernel's packet-filtering framework (netfilter) to filter, and even alter, packets based on various criteria, such as the packets' source and destination addresses, protocol, and port numbers. This makes iptables the standard utility for implementing certain network tools, most importantly packet-filter firewalls and Network Address Translation (NAT). This chapter covers these two topics and a couple of subsidiary topics: port redirection and iptables logging. All of these tools can be used to help secure a network, or sometimes just one computer.

This chapter's coverage of iptables is enough to help you implement some of the more common types of firewalls or other packet-filtering tools. If you want to set up a particularly complex firewall, though, you may want to consult additional sources. Ziegler's Linux Firewalls, 2nd Edition (New Riders, 2001) and Sonnenreich and Yates's Building Linux and OpenBSD Firewalls (Wiley, 2000) are both useful resources, although the latter covers iptables' predecessor tool, ipchains, rather than iptables.