Filtering and Manipulation of Packets
Packet filtering and altering is the main task iptables has to perform, and it is really good at it. But a highly configurable and flexible packet filter is nothing trivial, so please read this carefully before you start your experiments.
This chapter shows in detail how the different filter modules of iptables are used. It may look daunting at first, but it is not that hard to understand, and once you have got it, it is really easy to set up highly complex rulesets for big network routers or simple personal firewalls. Some of these advanced filtering options (connection tracking, mac) need extra modules, either loaded as kernel modules or compiled directly into the kernel. Have a look at the Kernel Compiling HOWTO for details about building a custom kernel.
iptables -A INPUT --source 22.214.171.124 -j ACCEPT
Source specification. The address can be a network name, a hostname, a network address with a mask, or a plain IP address. Please note that specifying any name that has to be resolved with a remote query such as DNS is a really bad idea: iptables resolves the name only once, when the rule is inserted, and whoever answers that unauthenticated query decides which addresses the rule ends up permitting. The mask can be either a dotted network mask or a plain number giving the count of 1 bits at the left side of the mask, so a mask of 24 is equivalent to 255.255.255.0. Host bits set under the mask are ignored; iptables stores the network address. A ! inverts the sense of the match. Current iptables expects the ! in front of the option (! --source 10.0.0.0/8); the older form with the ! between the option and the address still works but draws a deprecation warning. The flag --src is an alias for this option.
iptables -A INPUT ! --destination 126.96.36.199/24 -j ACCEPT
The destination specification works the same way as the source option: the same address and mask forms, the same negation. The flag --dst is an alias for --destination.
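The following is an added example, not code from the original page or from the iptables project. It mirrors the address-matching semantics described above in a few Python functions so you can check, before touching the kernel, which packets a source or destination spec would catch: prefix length and dotted mask denote the same network, host bits under the mask are cleared, a leading ! inverts the match, and hostnames are refused rather than resolved. The chain, rule list and packet addresses are constructed for this example.

```python
"""Address matching as iptables --source / --destination does it.

Added example (not code from the original page or from the iptables project):
a small matcher that mirrors the semantics described above, so you can see
which packets a rule would catch before you load it into the kernel. The
rules and packet addresses below are constructed for this example.
"""
from __future__ import annotations

import ipaddress
import re

# Only numeric address[/mask] specs are accepted. Hostnames are refused on
# purpose: iptables would resolve them once, at rule-insertion time, through
# a remote and unauthenticated lookup such as DNS.
_NUMERIC_SPEC = re.compile(r"^[0-9.]+(/[0-9.]+)?$")


def parse_address_spec(spec: str) -> tuple[bool, ipaddress.IPv4Network]:
    """Parse '[!] address[/mask]' and return (negated, network).

    The mask may be a prefix length ("24") or a dotted netmask
    ("255.255.255.0"); both denote the same network. A bare address is a /32.
    Host bits set under the mask are cleared, as iptables does itself
    (10.1.2.3/24 is stored as 10.1.2.0/24).
    """
    spec = spec.strip()
    negated = spec.startswith("!")
    if negated:
        spec = spec[1:].strip()
    if not _NUMERIC_SPEC.match(spec):
        raise ValueError(f"refusing non-numeric address spec: {spec!r}")
    network = ipaddress.IPv4Network(spec, strict=False)
    return negated, network


def address_matches(spec: str, address: str) -> bool:
    """True if `address` satisfies the (possibly negated) spec."""
    negated, network = parse_address_spec(spec)
    inside = ipaddress.IPv4Address(address) in network
    return inside != negated


def modern_rule(chain: str, option: str, spec: str, target: str) -> str:
    """Render a rule with the negation in front of the option (! --source),
    the form current iptables expects; the older '--source ! addr' form
    still works but draws a deprecation warning."""
    negated, network = parse_address_spec(spec)
    bang = "! " if negated else ""
    return f"iptables -A {chain} {bang}{option} {network.with_prefixlen} -j {target}"


def first_match(rules, src: str, dst: str, policy: str = "DROP") -> str:
    """Walk a chain top to bottom like the kernel does: the first rule whose
    source and destination specs both match decides; otherwise the chain
    policy applies. Each rule is (src_spec_or_None, dst_spec_or_None, target).
    """
    for src_spec, dst_spec, target in rules:
        if src_spec is not None and not address_matches(src_spec, src):
            continue
        if dst_spec is not None and not address_matches(dst_spec, dst):
            continue
        return target
    return policy


# Constructed INPUT chain mirroring the two rules above, plus a catch-all.
INPUT_CHAIN = [
    ("22.214.171.124", None, "ACCEPT"),
    (None, "! 126.96.36.199/24", "ACCEPT"),
    (None, None, "DROP"),
]

if __name__ == "__main__":
    for src_spec, dst_spec, target in INPUT_CHAIN:
        if src_spec or dst_spec:
            option = "--source" if src_spec else "--destination"
            print(modern_rule("INPUT", option, src_spec or dst_spec, target))
    print(first_match(INPUT_CHAIN, "22.214.171.124", "126.96.36.5"))   # ACCEPT
    print(first_match(INPUT_CHAIN, "203.0.113.9", "126.96.36.5"))      # DROP
    print(first_match(INPUT_CHAIN, "203.0.113.9", "198.51.100.7"))     # ACCEPT
```

Note that the second rule, rendered in current syntax, comes out as ! --destination 126.96.36.0/24: the host bits of 126.96.36.199 disappear under the /24 mask, which is exactly what iptables -S would show after you load it.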