Chapter 25.  iptables: Setting Up a Firewall


The iptables utility builds and manipulates network packet filtering rules in the Linux kernel. You can use iptables to create a firewall that protects a system from malicious users and to set up NAT (Network Address Translation, page ), which can allow multiple systems to share a single Internet connection. The iptables utility is flexible and extensible, allowing you to set up both simple and complex network packet filtering solutions. It provides connection tracking (stateful packet filtering), allowing you to handle packets based on the state of their connection. For example, you can set up rules that reject inbound packets trying to open a new connection and accept inbound packets that are responses to locally initiated connections. Features not included in the base iptables package are available as patches via the patch-o-matic program.
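The stateful policy sketched in the previous paragraph (accept replies to connections this host opened, reject inbound attempts to open new ones) is what most small firewalls start from. The script below is an added example, not a listing from this chapter, and it does not use patch-o-matic; it relies only on the standard `conntrack` match. The interface name `eth0` and the single exposed service on port 22 are assumptions for illustration. By default the script only prints the `iptables` commands it would run, so it can be read and checked without root; set `IPT=iptables` and run it as root to apply the rules.

```shell
#!/bin/sh
# Added example: a minimal stateful IPv4 firewall built with iptables.
# IPT defaults to "echo iptables" (dry run). Set IPT=iptables as root to apply.
IPT="${IPT:-echo iptables}"

# Assumed external interface and the one inbound service left reachable.
WAN_IF="${WAN_IF:-eth0}"
SSH_PORT="${SSH_PORT:-22}"

# Emit the rule set, one iptables argument list per line, in the order it
# must be installed. Order matters: the first matching rule in a chain wins.
firewall_rules() {
    # Start from an empty INPUT chain with default-deny policies for inbound
    # and forwarded traffic; outbound traffic from this host is allowed.
    echo "-F INPUT"
    echo "-P INPUT DROP"
    echo "-P FORWARD DROP"
    echo "-P OUTPUT ACCEPT"

    # Loopback traffic never leaves the host; do not filter it.
    echo "-A INPUT -i lo -j ACCEPT"

    # Connection tracking: accept packets that belong to, or are related to,
    # a connection already known to conntrack, i.e. replies to connections
    # this host initiated. This is the stateful part of the policy.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    # Packets conntrack cannot associate with any connection (for example a
    # TCP segment with no matching handshake) are dropped before any ACCEPT.
    echo "-A INPUT -m conntrack --ctstate INVALID -j DROP"

    # The single service deliberately reachable from the external interface:
    # only NEW connections to that port are accepted.
    echo "-A INPUT -i $WAN_IF -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT"

    # Any other attempt to open a new inbound connection is rejected with an
    # ICMP error; the DROP policy would discard it silently instead.
    echo "-A INPUT -m conntrack --ctstate NEW -j REJECT --reject-with icmp-port-unreachable"
}

# Feed each rule line to iptables (or to echo in dry-run mode).
apply_firewall() {
    firewall_rules | while read -r args; do
        # shellcheck disable=SC2086  # word splitting of $args is intended
        $IPT $args
    done
}

# Number of rules that consult connection-tracking state; a quick sanity
# check that the stateful rules were not accidentally edited out.
count_stateful_rules() {
    firewall_rules | grep -c -- '--ctstate'
}

apply_firewall
```

In dry-run mode the output is the exact command sequence a root shell would execute; compare it against `iptables -S INPUT` after applying to confirm the kernel holds the same rules. The `INVALID` drop sits above the service rule on purpose: conntrack classifies a packet before any later rule sees it, so malformed or out-of-state segments never reach the `ACCEPT` for port 22.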

Some of the concepts required to fully understand iptables are beyond the scope of this book. Although you can use iptables at several different levels, this chapter presents only the fundamentals. There are, however, some sections of this chapter that delve into areas that may require additional understanding or explanation. If a concept is not clear, refer to one of the resources in "" on page .