banner
阿江要努力鸭

阿江要努力鸭

好软推荐 / 效率提升 / 自我管理 / 系统方法论 / 变现点子王
bilibili
douban
email
HomeArchives

Linux iptables Four Tables and Five Chains and How to Delete Individual Raw Table Rules

#Linux#防火墙#iptables39
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
During a security exercise, a device was unable to connect to the main control end. After checking the INPUT and OUTPUT tables with the command "iptables -L INPUT --line -number," it was discovered that there were abnormalities and both tables were deleted. However, the device still couldn't connect. It was later determined that there was a policy in the raw table causing the issue. The Linux firewall (iptables) uses a structure called "Four Tables, Five Chains" to manage and control network traffic. The four tables are filter, nat, mangle, and raw, each serving different purposes. The five chains are INPUT, OUTPUT, FORWARD, PREROUTING, and POSTROUTING, each handling different types of packets. To delete the raw table, the command "iptables -t raw -F" can be used to clear all rules, followed by "iptables -t raw -X" to delete the table. It is important to have administrator or root privileges and to understand the impact before deleting any tables or rules. It is recommended to backup rules and test changes in a secure environment. To delete a specific rule in the raw table, the command "iptables -t raw -D" can be used, replacing the placeholders with the appropriate chain and rule position or specification.

Background#

During the attack and defense exercise, a device could not connect to the master control end. When using iptables -L INPUT --line -number to view INPUT and OUTPUT, there were abnormalities and both were deleted, but the connection to the master control end still couldn't be established. Finally, it was confirmed that there was a policy in the raw table.

Four Tables and Five Chains#

Linux firewall (iptables) uses the structure of Four Tables, Five Chains to manage and control network traffic. This structure is a core component of iptables and is used to configure firewall rules and filter network packets.

Here is an overview of the Four Tables:

  1. filter table: used to filter network packets and determine whether to allow or reject packets through the firewall based on rules.
  2. nat table: used for Network Address Translation (NAT), mainly used to implement port forwarding and IP address translation.
  3. mangle table: used to modify the headers of packets, such as modifying the Time to Live (TTL) value and setting packet marks.
  4. raw table: provides processing of raw packets, usually used for configuring Connection Tracking and handling specific types of packets.

Here are the Five Chains:

  1. INPUT chain: used to process packets entering the local system, such as incoming network requests.
  2. OUTPUT chain: used to process packets sent from the local system, such as network requests initiated by the local system.
  3. FORWARD chain: used to process packets forwarded through the local system, such as packets forwarded as a router.
  4. PREROUTING chain: used to process packets before they reach the network protocol stack of the local system, usually used for Network Address Translation (NAT).
  5. POSTROUTING chain: used to process packets after they leave the network protocol stack of the local system, usually used for Network Address Translation (NAT).

Deleting the raw table#

To delete the raw table in the Linux firewall, you can use the -t option of the iptables command to specify the table name as "raw", use the -F option to flush all the rules in that table, and then use the -X option to delete the table.

Here are the command examples to delete the raw table:

iptables -t raw -F
iptables -t raw -X

Please note that executing these commands requires administrator or root privileges. Before deleting a table, make sure you understand and confirm its impact to avoid accidentally deleting important rules. It is recommended to backup your rules before making any firewall configuration changes and test them in a secure environment.

Deleting individual rules in the raw table#

To delete a single rule in the raw table, you can use the -t option of the iptables command to specify the table name as "raw", and use the -D option to specify the position or rule specification of the rule to be deleted.

Here are the command examples to delete an individual rule in the raw table:

iptables -t raw -D <chain> <rule_specification>

Please replace <chain> with the chain in the raw table (e.g., PREROUTING, OUTPUT, etc.), and replace <rule_specification> with the specific position or rule specification of the rule to be deleted.

For example, if you want to delete the third rule in the PREROUTING chain, you can execute the following command:

iptables -t raw -D PREROUTING 3

If you know the rule specification of the rule to be deleted, you can replace it with <rule_specification>. For example, if you want to delete a rule with a source IP address of 10.0.0.1, you can execute the following command:

iptables -t raw -D PREROUTING -s 10.0.0.1 -j <target>
Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.