IPTables IPTablesis a front-end to control and manage netfilter.
We will focus on layer 3 (Network) controlling source and destination IP Addresses, and layer 4 (ransport) TCP and UDP.
Filter table uses to control IP packets filtering, and it’s consist of 3 chains (INPUT, FORWARD and OUTPUT)
How To use IPTables IPTables command consist of parts, let’s discuss iptables command fields
1- iptables
2- action APPEND, replace, inseart, delete..) followed by name of the chain such as (INPUT, FORWARD or OUTPUT) for Filter tables.
Matching in IPTables IPTables basically based on matching all packets with rules in IPTables tables (Filter, NAT, Mangle) So we can manage matching based on various ways (MAC, IP, ports, protocols .. etc ) or we can say it’s based on Network layers (Data Link, Network, Transport).
For layer 2 (Data Link) based on MAC address For source MAC You can use this flag -m mac --mac-source and for destination MAC you can use this flag -m mac --mac-destination, this will match based on MAC address instead of IP address
Adding new chain You can use this flag iptables -N LAN
Example:
To manage your Intranet easily you should write a new chain and write Intranet rules in this chain.
1- Create new chain ptables -N LAN
2- Forward all traffic in network (192.168.0.0/24) into LAN chain.
iptables -I INPUT 1 -s 192.168.0.0/24 -j LAN
Then you can manage your Intranet rules easily in LAN chain such as:
iptables -A LAN -p tcp --dport 22 -j ACCEPT
