Introducing iptables
Both security groups and Neutron firewalls leverage iptables rules to perform traffic filtering. Iptables is a built-in firewall in Linux that allows a system administrator to define tables containing chains of rules that determine how network packets should be treated. Packets are processed by sequentially traversing rules in chains within the following tables:
Raw: This is a default table that filters packets before any other table. It is mainly used to configure exemptions from connection tracking and is not used by security groups or FWaaS.
Filter: This is a default table used to filter packets.
NAT: This is a default table used for network address translation.
Mangle: This is a default table used for specialized packet alteration and is not used by security groups or FWaaS.
A rule in a chain can cause a jump to another chain, and this behavior can be repeated to whatever level of nesting is required. The system recalls the point at which a jump occurs and can return...
