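netfilter
Introduction
Packet filtering flow diagram
Image source: Wikipedia, https://en.wikipedia.org/wiki/Netfilter#/media/File:Netfilter-packet-flow.svg
Main features
- Stateless IP packet filtering
- Stateful IP packet filtering
- IP address and port translation
Hook points
| Hook point | Description |
|---|---|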
| NF_IP_PRE_ROUTING | This hook will be triggered by any incoming traffic very soon after entering the network stack. This hook is processed before any routing decisions have been made regarding where to send the packet. |
| NF_IP_LOCAL_IN | This hook is triggered after an incoming packet has been routed if the packet is destined for the local system. |
| NF_IP_FORWARD | This hook is triggered after an incoming packet has been routed if the packet is to be forwarded to another host. |
| NF_IP_LOCAL_OUT | This hook is triggered by any locally created outbound traffic as soon as it hits the network stack. |
| NF_IP_POST_ROUTING | This hook is triggered by any outgoing or forwarded traffic after routing has taken place and just before being put out on the wire. |
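
The hook order from the table, modelled in userspace C as an added example (not kernel code and not from the original page): it shows that a filter registered only on NF_IP_LOCAL_IN never sees forwarded traffic, which has to be filtered at NF_IP_FORWARD. The `pkt` structure, `traverse`, `set_hook`, `drop_port_23` and the `DROP`/`ACCEPT` values are assumptions of this model.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: hook names follow the table above; values are local to this example. */
enum hook { NF_IP_PRE_ROUTING, NF_IP_LOCAL_IN, NF_IP_FORWARD,
            NF_IP_LOCAL_OUT, NF_IP_POST_ROUTING, NUM_HOOKS };
enum verdict { DROP, ACCEPT };

struct pkt {
    int locally_generated; /* 1 = created by a local process, 0 = arrived on an interface */
    int dst_is_local;      /* routing result: addressed to this host? */
    unsigned dport;        /* destination port */
};

typedef enum verdict (*hook_fn)(const struct pkt *);
static hook_fn hooks[NUM_HOOKS]; /* NULL = nothing registered, packet passes */

void set_hook(enum hook h, hook_fn fn) { hooks[h] = fn; }

/* Record the hook in trace and return the verdict of its callback. */
static enum verdict run(enum hook h, const struct pkt *p, enum hook *trace, size_t *n)
{
    trace[(*n)++] = h;
    return hooks[h] ? hooks[h](p) : ACCEPT;
}

/* Walk a packet through the hooks in the order the table describes.
 * trace needs room for 3 entries; *n receives the number of hooks visited. */
enum verdict traverse(const struct pkt *p, enum hook *trace, size_t *n)
{
    *n = 0;
    if (p->locally_generated) {
        if (run(NF_IP_LOCAL_OUT, p, trace, n) == DROP) return DROP;
        return run(NF_IP_POST_ROUTING, p, trace, n);
    }
    if (run(NF_IP_PRE_ROUTING, p, trace, n) == DROP) return DROP;
    if (p->dst_is_local)   /* routed to this host */
        return run(NF_IP_LOCAL_IN, p, trace, n);
    if (run(NF_IP_FORWARD, p, trace, n) == DROP) return DROP; /* routed to another host */
    return run(NF_IP_POST_ROUTING, p, trace, n);
}

/* Constructed sample rule: drop packets addressed to port 23. */
enum verdict drop_port_23(const struct pkt *p) { return p->dport == 23 ? DROP : ACCEPT; }

int main(void)
{
    struct pkt fwd = { 0, 0, 23 };          /* constructed: transit packet to port 23 */
    enum hook trace[3]; size_t n;
    set_hook(NF_IP_LOCAL_IN, drop_port_23); /* rule attached to LOCAL_IN only */
    printf("forwarded: %s\n", traverse(&fwd, trace, &n) == ACCEPT ? "ACCEPT" : "DROP");
    return 0;
}
```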
