
IP Tables

IP tables (iptables) is a command-line Linux firewall utility that lets a system administrator configure packet filtering in a Linux environment. It works by checking the packets crossing the network against a set of rules that allow or block the traffic.

A firewall is a piece of software or hardware used to protect our system from insecure or untrusted services on the internet. Firewalls are often categorized as network-based or host-based.

A network-based firewall, or packet filter, is software running on hardware, or a hardware-based application, that filters traffic between two or more networks. A packet filter operates on TCP/IP: it refuses or blocks an IP address or TCP/UDP port when no match is found with the existing connections. A host-based firewall is software that controls the traffic of a single machine.

IP Tables Chain or Rules:
1) Input
2) Forward
3) Output

Input:
It controls the incoming connections, that is, the packets addressed to our server.

Forward:
It configures the incoming connections that are not created locally, that is, the packets destined for another server, and routes the request to the other machine.

Output:
It controls the outgoing connections, that is, the traffic created by our server.

How IP Table Works:
IP tables works by matching each packet that crosses the networking interface against a set of rules to decide what to do with it. Packets passing through the firewall are directed through one of the policy rules, or chains, depending on the source and destination address of the packet.

Step 1) A packet or data request comes to the firewall.

Step 2) The firewall goes through the process of checking its policy.

Step 3) If the packet is coming from an outside source to our machine, it passes through the Input chain.

Step 4) If the packet is going from our machine to an outside source, it passes through the Output chain.

Step 5) If the firewall does not know the packet's source and destination address or port number, it passes through the Forward chain.

Step 6) If the packet does not match on the protocol type, on the source and destination IP address or UDP/TCP port of the interface being used, or on its relation to the previous packet, then the firewall will either drop the packet or accept it.


Types of IP Table:
Filter Table: This table is responsible for deciding whether to accept or drop the packet.

NAT Table: This table is responsible for modifying the packet's source and destination address and port when its access point is unknown.

Mangle Table: This table is used to alter the IP header, either shortening or lengthening the header size.

Raw Table: This table is used to evaluate packets with respect to the previous packets' functionality.

Security Table: This table is used to set internal SELinux security context marks on packets. SELinux is a kernel modification with user-space tools for access control security policies.

