Iptables-tutorial

Online: HTML | Chunky HTML
Downloadable: PS | Chunky HTML tgz | HTML tgz | DocBook tgz | Debian package
Translations: Chinese | Spanish | French | Japanese
Information on writing translations
Misc: ChangeLog | TODO

The aim of the iptables-tutorial is to explain iptables in a complete and simple way. The iptables-tutorial is currently rather stable, and contains information on all the currently available matches and targets (in kernel), as well as a couple of complete example scripts and explanations. It contains a complete section on iptables syntax, as well as other interesting commands such as iptables-save and iptables-restore.

The tutorial was under heavy scrutiny and updating, as can be seen in the latest version of the tutorial. It was available in book form from Lulu.com for a brief period of time. However, due to too many technical problems and the time it took to correct all the “errors” according to Lulu, I decided it simply wasn’t worth it at the time (this might change at some point, but not likely). For example, I had a conversion error between different types of points leading to my pages being 0.03 inches too small on the height and 0.01 inches too small on the width, and because of that they refused to handle it. Their way of handling this was to allow the book to be published, and then every once in a while when someone ordered a book (and paid for it), they all of a sudden cancelled the publication, sent me a note that they did so (not explaining why), and so forth. It took me 1-2 months of contact with their customer support to drag this simple “why” out of them, then another few weeks to actually find the reason for the problem. Then there were problems with the size of the cover (generated in their own web tools), etc.

If you need help, you are better off asking the netfilter mailing list, which you can reach at netfilter at lists.netfilter.org. For more information on this, visit the netfilter mailing list page. You may also contact the linuxsecurity mailing list at security-discuss AT linuxsecurity dotcom. Both are fairly large, and should be able to help you much, much better than I can.

* Added SCTP match.
* Added addrtype match.
* Added link to policy routing using linux by Matthew G. Marsh.
* Added some internal links for better cross linking.
* Added comment match.
* Added hashlimit match.
* Added new --cmd-owner to owner match.
* Added realm match.
* Added important.gif image sign.
* Added l7-filter to ip_filtering_introduction.sgml.
* Added l7-filter link to other_resources.sgml.
* Added raw table in traversing_of_tables_and_chains.sgml.
* Added raw table in how_a_rule_is_built.sgml chapter.
* Added SECMARK and CONNSECMARK to traversing_of_tables_and_chains.sgml.
* Added user specified chains section in traversing_of_tables_and_chains.sgml.
* Added UNTRACKED and new untracked connections section in statemachine.sgml.
* Added SCTP characteristics section to tcp_ip_repetition.sgml.
* Added all images for the SCTP chapters.
* Added "What's next?" to all chapters.
* Added SCTP headers section in the tcp_ip_repetition.sgml chapter.
* Added CLUSTERIP target.
* Added CONNMARK target.
* Added connmark match.
* Added CONNSECMARK target.
* Added SECMARK target.
* Added NOTRACK target.
* Added NFQUEUE target.
* Added index of all chapters and appendixes.
* Updated all header images from the tcp_ip_repetition.sgml chapter.
* Updated all diagrammatical images to a nicer look.
* Updated admonition images. (Jens Larsson)
* Updated tables_traverse.gif with raw table and switched fonts.
* Updated information for the QUEUE target for 2.6.14 kernel.
* Updated ttl match explanation somewhat.
* Updated Print indentation 0.8 inch.
* Updated centered header and footer.
* Removed internal catalogs etc, living off of local ones instead.
* Removed old data in TOS and TTL targets.
* Fixed history.sgml layout.
* Fixed indexing system.
* Fixed minor error in recent match explanation.
* Fixed --limit-burst, bad explanation.
* Fixed s/package/packet/ in MARK target. (G.W. Haywood)
* Fixed all sgml tables.
* Indexed commercial_products.sgml.
* Indexed and fixed markup of debugging.sgml.
* Indexed and fixed markup of example_scripts.sgml.
* Indexed and fixed markup of how_a_rule_is_built.sgml.
* Indexed and fixed markup of introduction.sgml.
* Indexed and fixed markup of ip_filtering_introduction.sgml.
* Indexed and fixed markup of iptables_matches.sgml.
* Indexed and fixed markup of iptables_targets.sgml.
* Indexed and fixed markup of nat_introduction.sgml.
* Indexed and fixed markup of rc_firewall.sgml.
* Indexed and fixed markup of statemachine.sgml.
* Indexed and fixed markup of tcp_ip_repetition.sgml.
* Indexed and fixed markup of traversing_of_tables_and_chains.sgml.