IPTables and Netfilter

Question 1

What are the five netfilter hooks?

Answer 1

NF_IP_ROUTING, NF_IP_LOCAL_IN, NF_IP_FORWARD, NF_IP_LOCAL_OUT, NF_IP_POST_ROUTING

Question 2

what is PRE_ROUTING netfilter hook?

Answer 2

hook is triggered by any incoming traffic entering the network stack. This hook is processed before any routing decisions have been made.

Question 3

what is LOCAL_IN netfilter hook

Answer 3

hook is triggered after an incoming packet has been routed if the destination is the local system

Question 4

what is _FORWARD

Answer 4

hook is triggered after an incoming packet has been routed if the packet is to be forwarded to another host

Question 5

what is LOCAL_OUT netfilter hook

Answer 5

triggered by any locally created outbound traffic as soon as it hits the network stack

Question 6

what is POST_ROUTING netfilter hook

Answer 6

this hook is triggered by any outgoing for forwarded traffic after routing as taken place, before being sent out on wire

Question 7

what determines the order of hook calls if multiple kooks are registered?

Answer 7

hooks are registered with a priority number.

Question 8

What are the tables of IP tables

Answer 8

NAT, FILTER, MANGLE, RAW, SECURITY

Question 9

What are the chains of each table

Answer 9

PREROUTING, INPUT, FORWARD, OUTPUT, POSTROUTING

Question 10

what is the purpose of the filter table?

Answer 10

decide to allow packet to continue to destination or not

Question 11

what is the purpose of the NAT table

Answer 11

used to implement network address translation. The source or destination is changed.

Question 12

what is the purpose of the Mangle table

Answer 12

Used to alter the ip headers

Question 13

what is the purpose of the raw table

Answer 13

to mark packets to avoid connection tracking

Question 14

what are the two types of NAT

Answer 14

DNAT (destination) and SNAT (source)

Question 15

Does NAT processing come before Filter?

Answer 15

DNAT does, but SNAT does not

Question 16

T/F nat rules are created on the first packet and will be applied to the stream?

Answer 16

True

Question 16

T/F iptables is stateful

Answer 16

True

Question 17

T/F NAT rules applied to a stream will be applied to responses

Answer 17

Yes, response have the reverse NAT rules applied

Question 18

What chains are applied to incoming destined for host?

Answer 18

PREROUTING -> INPUT

Question 18

What chains are applied to incoming, meant for another host?

Answer 18

PREROUTING -> FORWARD -> POSTROUTING

Question 19

Locally Generated Packets

Answer 19

OUTPUT - > POSTROUTING

Question 20

What are targets and terminating vs nonterminating

Answer 20

when a packet meets a matching criteria. Terminating stops traversing the chain

Question 21

What is the matching portion of a rule

Answer 21

Rules can be created to match protocol type, destination and source address and port.

Question 22

Connections are tracked by netfilter’s connection tracking, what are the states?

Answer 22

new, established, related, invalid, untracked,