at first, I had difficulties understanding IP-TABLES too. So, I had my GAL read the manual I got from the internet and had her explain it to me on our date. Below is her explanations. Though it's not complete and came for a GAL of a NEWBIE, it will get your feet dancing!
- filter (table)
input,forward,output (chains for the table filter )
"I use this to check incoming, outgoing and passing packets."
- nat (table)
prerouting,output,postroute (chains for the table nat)
"I use this for masquerading pockets. see SNAT and DNAT option"
- mangle (table)
prerouting,output,input,forward,postrouting (chains for the table mangle)
"I dont know mangle yet!"
Accept all incoming packets from 188.8.131.52 network. -A is add rule, -s is the source and -j is jump to the action to be taken to the packet
ex1. iptables -A INPUT -s 184.108.40.206/24 -j ACCEPT
DROP all ssh coming from 220.127.116.11 network to 18.104.22.168 network. -d is the destination address and -dport is the destination port. -j DROP will drop the packet without notification. replace DROP with REJECT to politely reject the ssh request or send a .
ex2. iptables -A INPUT -s 22.214.171.124/24 -d 126.96.36.199/24 -dport 22 -j DROP
Note : it is better to make a script when creating rules. my first IP-Tables script does the following;
1) flush all rules
2) allow all access of the local host.
3) IP-TABLE Rules Rules
4) Save the rule and restart ip-tables. (optional)
I will add some more later. My mom is calling me! hehe!