Key Takeaway

<aside> 💡

In this chapter, we will explore the roles of netfilter and iptables, take a closer look at the iptables filter table, and conduct experiments to observe how Docker impacts iptables.

</aside>

For a better understanding, please refer to the previous articles on Namespaces, VETH, and ARP.

• 1. Network Namespace and Virtual Ethernet (VETH)
• 2. Unveiling the Secrets of How IP and ARP Work
• 3. A First Look at Linux Bridge
• 4. Understand Linux Routing System
• 5. Understand Linux Routing System - Part 2

Introduction

When we have a Linux machine connected to a network and want to perform certain actions on its packets, how should we proceed?

First, we need to understand that in the Linux environment, network packets arriving from outside to the user application generally follow the flow shown in the diagram below.

What is netfiler ?

• Netfilter is a framework within the Linux kernel used for filtering, modifying, and forwarding network packets.
• It provides a low-level infrastructure that allows hooks at different stages of packet processing (such as receiving, forwarding, and sending) within the kernel.
• Netfilter itself is built into the Linux kernel and offers underlying packet handling capabilities but does not directly interact with users.
• The main functions of netfilter include:
  • Packet filtering
  • Network Address Translation (NAT)
  • Packet modification (e.g., altering headers or marking packets)
  • Packet forwarding or dropping

Reference: https://www.netfilter.org/

What is iptables ?