System information

Introduction 57
Firewall/Packet Filtering on the OnBoard
The OnBoard comes with a number of built-in chains with hidden rules that
are preconfigured to control communications between devices that are
connected to the OnBoard’s private Ethernet ports and devices on the public
side of the OnBoard. The default chains are defined in the iptables “filter”
and “nat” tables. The “mangle” table is not used.
The built-in chains are named according to the type of packets they handle, as
shown in the following lists. The first three chains listed below are in the
iptables “filter” table.
• INPUT
• OUTPUT
• FORWARD
The three chains listed below are in the “nat” table. These chains implement
NAT (network address translation), including redirecting packets
addressed to a virtual IP to the device’s real IP address and hiding the device’s
real IP address when the device sends packets to the authorized user:
• PREROUTING
• POSTROUTING
• OUTPUT
Rules
Each chain can have one or more rules that define the following:
• The packet characteristics being filtered
The packet is checked for characteristics defined in the rule, for example,
a specific IP header, input and output interfaces, and protocol.
• What to do when the packet characteristics match the rule
The packet is handled according to the specified action (called a “Rule
Target,” “Target Action” or “Policy”).
When a packet is filtered, its characteristics are compared against the rules
one-by-one. All characteristics must match.
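The following is an added example, not code from the OnBoard manual: a small Python model of the rule evaluation just described, in which a chain's rules are checked one by one, a rule matches only when every one of its characteristics matches the packet, the first match decides the target, and the chain policy applies otherwise, with the nat-table virtual-to-real address rewriting modelled alongside. All addresses, interface names, fields and rules are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Rule:
    """One rule: criteria that must all match, and the target to apply."""
    target: str                                  # ACCEPT, DROP, DNAT, SNAT
    match: dict = field(default_factory=dict)    # packet characteristics
    to: Optional[str] = None                     # rewritten address for DNAT/SNAT

@dataclass
class Chain:
    name: str
    policy: str                                  # default target when no rule matches
    rules: list

def evaluate(chain, packet):
    """Walk the rules one by one; the first rule whose every criterion
    matches decides the target. Otherwise the chain policy applies."""
    for rule in chain.rules:
        if all(packet.get(key) == value for key, value in rule.match.items()):
            return rule.target, rule
    return chain.policy, None

def apply_nat(chain, packet):
    """nat-table semantics: DNAT rewrites the destination (virtual IP to the
    device's real IP), SNAT rewrites the source (hides the real IP)."""
    target, rule = evaluate(chain, packet)
    rewritten = dict(packet)
    if target == "DNAT":
        rewritten["dst"] = rule.to
    elif target == "SNAT":
        rewritten["src"] = rule.to
    return rewritten

# Constructed sample configuration (addresses and interface names are made up).
VIRTUAL_IP, REAL_IP = "192.0.2.50", "10.0.0.5"
FORWARD = Chain("FORWARD", "DROP", [
    Rule("ACCEPT", {"in_if": "eth0", "out_if": "priv0", "proto": "tcp", "dport": 22}),
])
PREROUTING = Chain("PREROUTING", "ACCEPT", [
    Rule("DNAT", {"in_if": "eth0", "dst": VIRTUAL_IP}, to=REAL_IP),
])
POSTROUTING = Chain("POSTROUTING", "ACCEPT", [
    Rule("SNAT", {"out_if": "eth0", "src": REAL_IP}, to=VIRTUAL_IP),
])

if __name__ == "__main__":
    ssh = {"in_if": "eth0", "out_if": "priv0", "proto": "tcp", "dport": 22, "dst": VIRTUAL_IP}
    print(evaluate(FORWARD, ssh)[0], apply_nat(PREROUTING, ssh)["dst"])  # ACCEPT 10.0.0.5
```

A packet that differs in a single characteristic (a different port, or arriving on the private interface) matches no rule and falls through to the chain policy, which is the behaviour the "all characteristics must match" sentence describes.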