
Filter, NAT and Mangle Tables

Filter Table

The filter table handles packets bound for the local machine, packets being routed through the machine, and packets generated by processes on the machine. It contains the following default chains:

  • INPUT: For packets bound for local processes.
  • FORWARD: For packets being forwarded through the machine.
  • OUTPUT: For packets generated by local processes that are now outbound to the network.

Network Address Translation (NAT) Table

The network address translation (NAT) table is consulted when a packet that creates a new network connection is encountered. It contains the following default chains:

  • PREROUTING: For altering packets just as they come in.
  • OUTPUT: For altering packets generated by local processes, prior to routing.
  • POSTROUTING: For packets just about to go out to the network.

Mangle Table

The mangle table is for specialized manipulation of network packets. It contains the following default chains:

  • INPUT: For packets bound for local processes.
  • PREROUTING: For altering packets just as they come in.
  • FORWARD: For packets being forwarded through the machine.
  • OUTPUT: For packets generated by local processes that are now outbound to the network.
  • POSTROUTING: For packets just about to go out to the network.
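
The tables and chains above, as they appear in an iptables-save style dump, with a small audit over them. This is an added example, not part of the original page: the dump is constructed sample data, and the function names sample_dump, chain_summary and default_allow_chains are hypothetical.

```shell
# Constructed iptables-save style dump (sample data, not from a real host).
sample_dump() {
cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 22 -j MARK --set-mark 1
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A LOGDROP -j DROP
COMMIT
EOF
}

# Print "table chain policy rule_count" per chain, in dump order.
# Built-in chains show a policy; user-defined chains show "-".
chain_summary() {
    awk '
        /^\*/  { table = substr($1, 2); next }
        /^:/   { key = table " " substr($1, 2); policy[key] = $2
                 count[key] = 0; order[++n] = key; next }
        /^-A / { count[table " " $2]++; next }
        END    { for (i = 1; i <= n; i++)
                     print order[i], policy[order[i]], count[order[i]] }
    '
}

# Filter-table INPUT/FORWARD chains left at policy ACCEPT (this example's check).
default_allow_chains() {
    chain_summary | awk '$1 == "filter" && $3 == "ACCEPT" && ($2 == "INPUT" || $2 == "FORWARD") { print $2 }'
}

sample_dump | chain_summary
```

On a live host the same functions can read the real ruleset with `iptables-save | chain_summary`, which requires root.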