Iptables and ip6tables are used to set up, maintain, and inspect the tables of IPv4 and IPv6 packet filter rules in the Linux kernel. Each table contains a number of built-in chains and may also contain user-defined chains.

This table is consulted when a packet that creates a new connection is encountered. It consists of three built-ins: PREROUTING (for altering packets as soon as they come in), OUTPUT (for altering locally-generated packets before routing), and POSTROUTING (for altering packets as they are about to go out). IPv6 NAT support is available since kernel 3.7.

Append one or more rules to the end of the selected chain. When the source and/or destination names resolve to more than one address, a rule will be added for each possible address combination.

Name of an interface via which a packet is going to be sent (for packets entering the FORWARD, OUTPUT and POSTROUTING chains). When the "!" argument is used before the interface name, the sense is inverted. If the interface name ends in a "+", then any interface which begins with this name will match. If this option is omitted, any interface name will match.

This specifies the target of the rule; i.e., what to do if the packet matches it. The target can be a user-defined chain (other than the one this rule is in), one of the special builtin targets which decide the fate of the packet immediately, or an extension (see EXTENSIONS below).