Cryptome sampler

Post date: May 24, 2011 12:50:11 PM

Via the website cryptoanarchy.org, a nice handy ASCII graph of all tables and their default chains:

    { network }
         |
         v   <---------------------- packets enter your computer via a
    (PREROUTING)   *nom nom nom nom*   physical or virtual interface
       raw
       mangle
       nat
         |
         v
    { kernel decides which table should be used }
         <---- if the packet has a destination equal to any of the computer's
               own IP-addresses, it will be sent to the INPUT table. Otherwise
               it is sent to the FORWARD table, assuming that
               net.ipv4.conf.*.forwarding = 1, otherwise it should be dropped.
        /                \
    (INPUT)            (FORWARD)
      mangle             mangle
      filter             filter
        |                  |
    { program }  <----------- Programs that run on the computer AND are
        |                     listening on the destination protocol AND port of
        |                     arriving packets from the INPUT chain will be fed
    (OUTPUT)                  with them. Programs running on your computer poop
      raw                     their packets out at the OUTPUT table.
      mangle               |
      nat                  |
      filter               |
        \                 /
    { the packet is put in POSTROUTING }
    (POSTROUTING)
      mangle
      nat
         |
         v
    { network }  <--------------------- The packet is ejected by some network
                                        interface. It could mean that the packet
                                        is put on a physical network or that it
                                        is sent by a virtual network interface
                                        to a real network interface, in which
                                        case it could *again* enter the
                                        PREROUTING table.

    Legend:
      (X) -> X is a table
      {X} -> X is something obvious
       X  -> X is a chain
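To make the traversal order in the graph concrete, here is a small Python model of it, added for this post and not code from cryptoanarchy.org. It follows the graph's routing decision (own address goes to INPUT, anything else to FORWARD only when forwarding is on) and uses the words the way iptables itself does (raw/mangle/nat/filter are tables, PREROUTING/INPUT/... are chains), which is the reverse of the graph's legend; the host addresses are constructed.

```python
# Model of the netfilter chain/table traversal shown in the ASCII graph.
# Names and addresses below are constructed for this illustration.

LOCAL_IPS = {"192.0.2.10", "127.0.0.1"}   # constructed: this host's own addresses

# Each chain and the tables consulted in it, in the order the graph lists them.
CHAINS = {
    "PREROUTING":  ["raw", "mangle", "nat"],
    "INPUT":       ["mangle", "filter"],
    "FORWARD":     ["mangle", "filter"],
    "OUTPUT":      ["raw", "mangle", "nat", "filter"],
    "POSTROUTING": ["mangle", "nat"],
}


def traverse(dst, local_ips=LOCAL_IPS, forwarding=True, locally_generated=False):
    """Return (path, reason): the ordered (table, chain) pairs a packet
    passes through, and None or a string explaining why it was dropped."""
    path = []

    def visit(chain):
        for table in CHAINS[chain]:
            path.append((table, chain))

    if locally_generated:
        # A program "poops" its packet out: OUTPUT, then POSTROUTING.
        visit("OUTPUT")
    else:
        visit("PREROUTING")
        if dst in local_ips:
            # Routing decision: addressed to us, so INPUT and then a program.
            visit("INPUT")
            return path, None
        if not forwarding:
            return path, "dropped: net.ipv4.conf.*.forwarding = 0"
        visit("FORWARD")
    visit("POSTROUTING")
    return path, None


def rule_can_see(path, table, chain):
    """True if a rule placed in this table/chain would see the packet."""
    return (table, chain) in path
```

The useful defender's check is rule_can_see: a DROP rule in filter/INPUT never sees forwarded traffic, which must be blocked in filter/FORWARD instead.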

Additional links of a similar nature, all from the same website