IP Tables Interview Questions & Answers


Q: – What is iptables ?

iptables is a user space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores. Different kernel modules and programs are currently used for different protocols; iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables to Ethernet frames.

Q: – What is the configuration file of iptables in linux ?


Q: – How Do I Save Iptables Rules or Settings?

On Fedora Linux you can use the following commands to save and restore firewall rules.

To save the rules to the /etc/sysconfig/iptables file:

# /etc/init.d/iptables save

To restore the rules from the /etc/sysconfig/iptables file:

# /etc/init.d/iptables start

If you are using Debian / Ubuntu Linux, open /etc/network/interfaces:

# vi /etc/network/interfaces

Append the following line to the eth0 section (iptables-restore reads rules in iptables-save format from its standard input):

post-up iptables-restore

Close and save the file, then reboot the system.

Q: – What are tables used in iptables ?

Nat Table
Mangle Table
Filter Table

Q: – What is Nat Table in iptables ?

The nat table is used mainly for Network Address Translation. “NAT”ed packets get their IP addresses altered according to our rules. Packets in a stream only traverse this table once: we assume that the first packet of a stream is allowed, and the rest of the packets in the same stream are automatically “NAT”ed or Masqueraded etc. and are subject to the same actions as the first packet. These will, in other words, not go through this table again, but will nevertheless be treated like the first packet in the stream. This is the main reason why you should not do any filtering in this table. The PREROUTING chain is used to alter packets as soon as they get into the firewall. The OUTPUT chain is used for altering locally generated packets (i.e., generated on the firewall itself) before they get to the routing decision. Finally we have the POSTROUTING chain, which is used to alter packets just as they are about to leave the firewall.

Q: – Describe mangle Table of iptables ?

This table is used mainly for mangling packets, i.e. changing the contents of packets and their headers. Examples of this would be changing the TTL, TOS or MARK. Note that MARK is not really a change to the packet: a mark value for the packet is set in kernel space, and other rules or programs (tc is one example) may use this mark further along in the firewall to filter on or to do advanced routing. The table consists of five built-in chains: PREROUTING, POSTROUTING, OUTPUT, INPUT and FORWARD. PREROUTING is used for altering packets just as they enter the firewall and before they hit the routing decision. POSTROUTING is used to mangle packets just after all routing decisions have been made. OUTPUT is used for altering locally generated packets after they enter the routing decision. INPUT is used to alter packets after they have been routed to the local computer itself, but before the user space application actually sees the data. FORWARD is used to mangle packets after they have hit the first routing decision, but before they actually hit the last routing decision. Note that mangle can’t be used for any kind of Network Address Translation or Masquerading; the nat table was made for these kinds of operations.

Q: – Explain filter table in iptables ?

The filter table should be used exclusively for filtering packets. For example, we can DROP, LOG, ACCEPT or REJECT packets here without problems, as we can in the other tables. There are three chains built into this table. The first one is named FORWARD and is used on all non-locally generated packets that are not destined for our local host (the firewall, in other words). INPUT is used on all packets that are destined for our local host (the firewall), and OUTPUT is finally used for all locally generated packets.

Q: – What are the target values in iptables ?

Following are the possible special values that we can specify in the target.

ACCEPT – Firewall will accept the packet.
DROP – Firewall will drop the packet.
QUEUE – Firewall will pass the packet to the userspace.
RETURN – Firewall will stop executing the next set of rules in the current chain for this packet. Control is returned to the calling chain; in a built-in chain, which has no caller, the chain policy applies.
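The RETURN semantics above are easiest to see by stepping a packet through a chain. The following Python script is an added example, not code from the page or from the iptables project: it models a filter-table INPUT chain with a default DROP policy plus one user-defined chain (the chain name SSH_ADMIN, the rules and the packet addresses are all constructed for this illustration) and shows how ACCEPT and DROP end traversal, how RETURN from a user chain hands control back to the next rule in INPUT, and how RETURN in a built-in chain falls through to the policy.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Targets that end traversal immediately. Any other target name that is not
# RETURN is treated as a jump to a user-defined chain, as iptables -j does.
TERMINAL = {"ACCEPT", "DROP", "REJECT"}


@dataclass
class Rule:
    target: str                   # ACCEPT, DROP, RETURN or a user chain name (-j)
    src: Optional[str] = None     # source prefix, e.g. "10.0.0.0/8"  (-s)
    dport: Optional[int] = None   # destination port, e.g. 22          (--dport)

    def matches(self, pkt: dict) -> bool:
        """A rule matches when every match it specifies holds for the packet."""
        if self.src is not None and (
                ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src)):
            return False
        if self.dport is not None and pkt["dport"] != self.dport:
            return False
        return True


@dataclass
class Chain:
    name: str
    rules: list = field(default_factory=list)
    policy: Optional[str] = None  # built-in chains have a policy; user chains do not


def walk(chains: dict, name: str, pkt: dict, trace: list) -> Optional[str]:
    """Evaluate one chain top to bottom.

    Returns a terminal verdict, or None when control goes back to the calling
    chain (explicit RETURN, or falling off the end of a user-defined chain).
    """
    chain = chains[name]
    for idx, rule in enumerate(chain.rules, start=1):
        if not rule.matches(pkt):
            continue
        trace.append(f"{name}[{idx}] -> {rule.target}")
        if rule.target in TERMINAL:
            return rule.target
        if rule.target == "RETURN":
            # A built-in chain has no caller, so RETURN applies its policy;
            # a user chain has policy None, which hands control back.
            return chain.policy
        verdict = walk(chains, rule.target, pkt, trace)   # jump to user chain
        if verdict is not None:
            return verdict
        # The user chain returned without a verdict: continue with the next rule.
    trace.append(f"{name}: end of chain")
    return chain.policy   # None for a user chain == implicit RETURN


def evaluate(chains: dict, pkt: dict):
    """Run a packet through the INPUT chain; returns (verdict, trace)."""
    trace: list = []
    return walk(chains, "INPUT", pkt, trace), trace


def sample_ruleset() -> dict:
    """Constructed ruleset (hypothetical, not from the page):
    INPUT policy DROP, SSH handled in a user chain named SSH_ADMIN."""
    return {
        "INPUT": Chain("INPUT", policy="DROP", rules=[
            Rule("RETURN", src="198.51.100.0/24"),   # RETURN in INPUT -> policy
            Rule("SSH_ADMIN", dport=22),             # jump to user chain
            Rule("ACCEPT", dport=80),
        ]),
        "SSH_ADMIN": Chain("SSH_ADMIN", rules=[
            Rule("ACCEPT", src="10.0.0.0/8"),
            Rule("RETURN", src="192.168.0.0/16"),    # explicit RETURN to INPUT
        ]),
    }


if __name__ == "__main__":
    chains = sample_ruleset()
    for pkt in ({"src": "10.1.2.3", "dport": 22},
                {"src": "192.168.1.5", "dport": 22},
                {"src": "203.0.113.7", "dport": 80},
                {"src": "198.51.100.9", "dport": 80}):
        verdict, trace = evaluate(chains, pkt)
        print(f"{pkt['src']}:{pkt['dport']} -> {verdict}   via {' ; '.join(trace)}")
```

Running the script prints the verdict and the path taken for each constructed packet; the 192.168.1.5 case is the instructive one, since SSH_ADMIN returns explicitly, INPUT continues with its port-80 rule, nothing matches, and the DROP policy decides.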

Q: – How To list all the rules applied on your system and how to flush all iptables rules ?

To list the rules we have on our system use:

# iptables -nL

To flush (delete) all the rules we can use:

# iptables -F

Without a -t option both commands act on the filter table only; use -t nat or -t mangle to list or flush the other tables.
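Listing rules and saving them are the two places where a rule set gets reviewed, and iptables-save output (the same format iptables-restore reads back, as in the save/restore question above) is the most convenient form to review. The following Python script is an added example, not code from the page or from the iptables project: it parses a constructed iptables-save dump into tables, chains and rules, then reports a few things a reviewer would want to know before restoring it, such as a default ACCEPT policy on INPUT or FORWARD, a port accepted from any source, a filtering target placed in the nat table (which the nat question above warns against), and a jump to a chain that is never defined, which iptables-restore would reject. The sample dump, the chain names SSH_ADMIN and LOG_DROP, and all addresses in it are constructed for this illustration.

```python
import shlex

# Constructed sample in iptables-save format (not captured from a real host).
SAMPLE_DUMP = """\
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:SSH_ADMIN - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j SSH_ADMIN
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A SSH_ADMIN -s 10.0.0.0/8 -j ACCEPT
-A SSH_ADMIN -j LOG_DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -s 203.0.113.0/24 -j DROP
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed
"""

# Target names that are not user-defined chains (subset of what iptables knows).
BUILTIN_TARGETS = {"ACCEPT", "DROP", "REJECT", "RETURN", "LOG", "QUEUE", "NFQUEUE",
                   "MASQUERADE", "SNAT", "DNAT", "REDIRECT", "MARK"}


def parse_save(text: str) -> dict:
    """Return {table: {"chains": {name: policy or None}, "rules": [(chain, args)]}}."""
    tables: dict = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                                   # comments / blank lines
        if line.startswith("*"):                       # *filter, *nat, ...
            current = tables.setdefault(line[1:], {"chains": {}, "rules": []})
        elif line.startswith(":"):                     # :CHAIN POLICY [pkts:bytes]
            name, policy, _counters = line[1:].split()
            current["chains"][name] = None if policy == "-" else policy
        elif line == "COMMIT":
            current = None
        elif line.startswith("-A "):                   # -A CHAIN <matches> -j TARGET
            args = shlex.split(line)[1:]
            current["rules"].append((args[0], args[1:]))
        else:
            raise ValueError(f"unrecognised line: {line}")
    return tables


def opt(args: list, *names: str):
    """Value following the first occurrence of any of the option names, or None."""
    for i, tok in enumerate(args[:-1]):
        if tok in names:
            return args[i + 1]
    return None


def audit(tables: dict) -> list:
    """Return human-readable findings about a parsed rule set."""
    findings = []
    for tname, table in tables.items():
        for chain, args in table["rules"]:
            target = opt(args, "-j", "--jump")
            if target not in BUILTIN_TARGETS and target not in table["chains"]:
                findings.append(f"{tname}/{chain}: jump to undefined chain {target} "
                                "(iptables-restore would reject this file)")
            if tname == "nat" and target in {"DROP", "REJECT"}:
                findings.append(f"nat/{chain}: filtering target {target} in the nat table; "
                                "only the first packet of a stream traverses it")
            if (tname == "filter" and chain == "INPUT" and target == "ACCEPT"
                    and opt(args, "-s", "--source") is None
                    and opt(args, "--dport") is not None):
                findings.append(f"filter/INPUT: port {opt(args, '--dport')} "
                                "accepted from any source")
    filt = tables.get("filter", {}).get("chains", {})
    for chain in ("INPUT", "FORWARD"):
        if filt.get(chain) == "ACCEPT":
            findings.append(f"filter/{chain}: default policy is ACCEPT")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_save(SAMPLE_DUMP)):
        print(finding)
```

On a real host the dump would come from `iptables-save`; feeding its output to parse_save before the file is handed to iptables-restore catches the undefined-chain case at review time rather than at boot.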

Submitted By:-Sonali Balayan            Email-ID: – sonali.balayan@sify.com