netfilter and iptables

  • Creating a firewall on Linux relies on a piece of the kernel: netfilter
  • Netfilter examines incoming and outgoing traffic and decides whether it should pass through the machine or be rejected. It does this with so-called chains, attached to hooks



The following hooks represent various well-defined points in the networking stack:
  • NF_IP_PRE_ROUTING: This hook will be triggered by any incoming traffic very soon after entering the network stack. This hook is processed before any routing decisions have been made regarding where to send the packet.
  • NF_IP_LOCAL_IN: This hook is triggered after an incoming packet has been routed if the packet is destined for the local system.
  • NF_IP_FORWARD: This hook is triggered after an incoming packet has been routed if the packet is to be forwarded to another host.
  • NF_IP_LOCAL_OUT: This hook is triggered by any locally created outbound traffic as soon as it hits the network stack.
  • NF_IP_POST_ROUTING: This hook is triggered by any outgoing or forwarded traffic after routing has taken place and just before being put out on the wire.



  • DROP is frequently used since it silently drops the packet and does not return any error message to the sender
  • LOG is useful because it records the matched packets for the admin to examine
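The following added example (not part of the original notes) ties the two ideas together: it generates an iptables-restore ruleset in which the built-in chains INPUT, FORWARD and OUTPUT sit on the NF_IP_LOCAL_IN, NF_IP_FORWARD and NF_IP_LOCAL_OUT hooks, and a user chain first LOGs a packet (rate-limited) and then DROPs it. The management subnet 192.0.2.0/24 and the services on ports 22 and 443 are constructed assumptions; nothing is loaded into the kernel.

```sh
#!/bin/sh
# Added example: emit an iptables-restore ruleset that logs, then silently
# drops, unwanted traffic. Chain <-> netfilter hook: INPUT = NF_IP_LOCAL_IN,
# FORWARD = NF_IP_FORWARD, OUTPUT = NF_IP_LOCAL_OUT.
# Assumptions (constructed): admins connect from $1, host serves 22 and 443.

build_ruleset() {
    mgmt_net="$1"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
# LOGDROP: record the packet for the admin (rate-limited so LOG cannot
# flood the journal), then DROP it without any error returned to the sender.
-A LOGDROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "FW-DROP: " --log-level 4
-A LOGDROP -j DROP
# INPUT (NF_IP_LOCAL_IN): packets routed to this host itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j LOGDROP
-A INPUT -p tcp --dport 22 -s ${mgmt_net} -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -j LOGDROP
# FORWARD (NF_IP_FORWARD): this host does not route for other machines.
-A FORWARD -j LOGDROP
COMMIT
EOF
}

# Sanity check: every chain named after -j must be a built-in target
# or declared with a ":NAME" line, otherwise iptables-restore would fail.
check_ruleset() {
    ruleset="$1"
    for chain in $(printf '%s\n' "$ruleset" | sed -n 's/.*-j \([A-Z]*\).*/\1/p' | sort -u); do
        case "$chain" in
            ACCEPT|DROP|LOG) ;;
            *) printf '%s\n' "$ruleset" | grep -q "^:$chain " || return 1 ;;
        esac
    done
    return 0
}
```

Pipe `build_ruleset 192.0.2.0/24` into `iptables-restore --test` to let the real parser validate the ruleset before committing it with `iptables-restore`.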