The Linux Security Journey — iptables: Chains
<p>In general, “iptables” is an administration tool used for IPv4/IPv6 packet filtering and NAT (<a href="https://linux.die.net/man/8/iptables" rel="noopener ugc nofollow" target="_blank">https://linux.die.net/man/8/iptables</a>). “iptables” uses a series of rules organized into chains to handle network traffic. There are 5 built-in chains: PREROUTING, INPUT, FORWARD, OUTPUT and POSTROUTING. These chains are based on Netfilter’s hook callbacks (<a href="https://medium.com/@boutnaru/the-linux-security-journey-netfilter-90c6cf12ca40" rel="noopener">https://medium.com/@boutnaru/the-linux-security-journey-netfilter-90c6cf12ca40</a>). We can also see this in the source code for both IPv4 (<a href="https://elixir.bootlin.com/linux/v6.5.5/source/net/ipv4/netfilter/ip_tables.c#L124" rel="noopener ugc nofollow" target="_blank">https://elixir.bootlin.com/linux/v6.5.5/source/net/ipv4/netfilter/ip_tables.c#L124</a>) and IPv6 (<a href="https://elixir.bootlin.com/linux/v6.5.5/source/net/ipv6/netfilter/ip6_tables.c#L149" rel="noopener ugc nofollow" target="_blank">https://elixir.bootlin.com/linux/v6.5.5/source/net/ipv6/netfilter/ip6_tables.c#L149</a>).</p>
<p>Moreover, we can create user-defined chains using the command “sudo iptables -N CHAIN_NAME”. After creating the chain we can add new rules to it (more on rules in a future writeup) by specifying the chain name with the “-A” switch in “iptables”, as shown in the screenshot below. To move to another chain we need to use a “Jump Target”, which causes evaluation to continue on a different chain for additional processing (<a href="https://www.digitalocean.com/community/tutorials/a-deep-dive-into-iptables-and-netfilter-architecture#jumping-to-user-defined-chains" rel="noopener ugc nofollow" target="_blank">https://www.digitalocean.com/community/tutorials/a-deep-dive-into-iptables-and-netfilter-architecture#jumping-to-user-defined-chains</a>). More on the different targets that are available in a future writeup.</p>
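<p>The sequence described above (create a user-defined chain, append rules with “-A”, then jump to it from a built-in chain), written as an added example that is not part of the original article. It also goes one step further and shows the reverse order needed to delete the chain. The chain name SSH_IN, port 22 and the 192.0.2.0/24 admin network are assumptions chosen for illustration.</p>

```sh
#!/bin/sh
# Added example (not from the original article).
# IPT is the command that applies each rule. Set IPT="echo iptables" for a
# dry run that only prints the commands instead of changing the firewall.
IPT="${IPT:-sudo iptables}"

# iptables rejects chain names of 29 characters or more, so check first.
valid_chain_name() {
    [ -n "$1" ] && [ "${#1}" -lt 29 ]
}

# add_ssh_chain CHAIN ADMIN_NET
# Builds a user-defined chain that accepts SSH from ADMIN_NET and drops
# everything else that is sent to it, then wires it into INPUT.
add_ssh_chain() {
    chain="$1"; admin_net="$2"
    valid_chain_name "$chain" || { echo "bad chain name: $chain" >&2; return 1; }

    $IPT -N "$chain" || return 1                             # create the chain
    # Rules are evaluated top to bottom, so the ACCEPT must precede the DROP.
    $IPT -A "$chain" -s "$admin_net" -j ACCEPT || return 1
    $IPT -A "$chain" -j DROP || return 1
    # Add the jump last: live traffic only reaches the chain once it is complete.
    # A packet that matched no rule in a user-defined chain would return to
    # INPUT and continue with the rule after the jump.
    $IPT -A INPUT -p tcp --dport 22 -j "$chain"
}

# remove_ssh_chain CHAIN
# -X only succeeds on a chain that is unreferenced and empty, so the order
# is: delete the jump, flush the chain, then delete the chain.
remove_ssh_chain() {
    chain="$1"
    $IPT -D INPUT -p tcp --dport 22 -j "$chain" || return 1
    $IPT -F "$chain" || return 1
    $IPT -X "$chain"
}
```

<p>Call “add_ssh_chain SSH_IN 192.0.2.0/24” with IPT="echo iptables" first to review the exact commands before applying them.</p>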