Netfilter

2.1 The notion of chains

• chains   programs

• a packet matching a rule will be directed to a chain

• a packet always goes trough one of these 3 chains :
  • Input : a packet going to the system incoming in an interface
  • Output : a packet generated by the system leaving an interface
  • Forward : a packet going though the system

• The following chains cannot be redefinned
  • ACCEPT : the packet is accepted
  • DROP : the packet is ignored
  • RETURN : end of the current program or application of the default policy for Input, Output and Forward
  • REJECT : the packet is rejected without any error message
  • LOG : the packet is logged
  • QUEUE : the packet is forwarded to a user program which will decide of it's fate

Netfilter

® © Hervé Schauer Consultants 2000 - 4 bis, rue de la gare - 92300 Levallois-Perret
Phone : +33 141 409 700 - Fax : +33 141 409 709 - Email : <secretariat@hsc.fr>