Chapter 18. iptables

18.1. Packet Filtering
18.2. Differences between iptables and ipchains
18.3. Options Used within iptables Commands
18.3.1. Structure of iptables Options
18.3.2. Command Options
18.3.3. iptables Parameter Options
18.3.4. iptables Match Options
18.3.5. Target Options
18.3.6. Listing Options
18.4. Saving iptables Rules
18.5. iptables Control Scripts
18.5.1. iptables Control Scripts Configuration File
18.6. ip6tables and IPv6
18.7. Additional Resources
18.7.1. Installed Documentation
18.7.2. Useful Websites

Included with Red Hat Enterprise Linux are advanced tools for network packet filtering — the process of controlling network packets as they enter, move through, and exit the network stack within the kernel. Kernel versions prior to 2.4 relied on ipchains for packet filtering and used lists of rules applied to packets at each step of the filtering process. The introduction of the 2.4 kernel brought with it iptables (also called netfilter), which is similar to ipchains but greatly expands the scope and control available for filtering network packets.

This chapter focuses on packet filtering basics, defines the differences between ipchains and iptables, explains various options available with iptables commands, and explains how filtering rules can be preserved between system reboots.

For instructions on constructing iptables rules or setting up a firewall based on these rules, refer to Section 18.7, “Additional Resources”.

Warning

The default firewall mechanism under the 2.4 and newer kernels is iptables, but iptables cannot be used if ipchains is already running. If ipchains is present at boot time, the kernel issues an error and fails to start iptables.

The functionality of ipchains is not affected by these errors.
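The warning above means an administrator should confirm that the legacy ipchains module is not loaded before relying on iptables. The following script is an added example written for this page, not a script from the Red Hat guide or from the iptables project; it assumes the module list is in the six-column /proc/modules format of a 2.4 kernel (name, size, use count, users, and so on) and embeds a constructed sample of that list so it runs without touching the real system.

```sh
#!/bin/sh
# Added example (not from the Red Hat guide): refuse to proceed with iptables
# when the legacy ipchains module is loaded, since the 2.4 kernel will not
# start iptables alongside it.
#
# Assumption: the module list uses the /proc/modules line format
#   <name> <size> <use count> <users/state ...>
# The two lists below are constructed samples for this example.

SAMPLE_WITH_IPCHAINS='ipchains 46340 0 (unused)
ip_conntrack 20644 1 [ip_conntrack_ftp]
ext3 70784 2'

SAMPLE_WITHOUT_IPCHAINS='ip_tables 14936 3 [iptable_filter iptable_nat]
ip_conntrack 20644 1 [ip_conntrack_ftp]
ext3 70784 2'

# module_loaded NAME: read a /proc/modules-style list on stdin and return 0
# if a module called NAME is present, 1 otherwise. Field 1 is the module
# name, so an exact field comparison avoids false matches on substrings.
module_loaded() {
    awk -v mod="$1" '$1 == mod { found = 1 } END { exit found ? 0 : 1 }'
}

# firewall_check MODULE_LIST: report whether iptables may be used given the
# supplied module list. Returns 1 (and explains why) when ipchains is loaded.
firewall_check() {
    if printf '%s\n' "$1" | module_loaded ipchains; then
        echo "ipchains is loaded: the kernel will not start iptables"
        return 1
    fi
    echo "ipchains is not loaded: iptables may be used"
    return 0
}

# Demonstrate both outcomes on the constructed samples. On a real 2.4 system
# you would pass "$(cat /proc/modules)" instead of a sample.
if firewall_check "$SAMPLE_WITH_IPCHAINS"; then :; fi
if firewall_check "$SAMPLE_WITHOUT_IPCHAINS"; then :; fi
```

The check compares the first field exactly rather than grepping for the string "ipchains", so a module whose name merely contains that text is not mistaken for the legacy filter; the non-zero return value lets a control script abort before attempting to load iptables.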