Linux.com: Introduction to ipchainsNov 23, 2000, 14:33 (0 Talkback[s])
(Other stories by Brad Marshall)
"This article will cover the basics of ipchains, including how to compile the kernel, and the basics of configuring it. The assumption is you have a basic knowledge of TCP/IP and firewalling. ipchains is the firewall software available with Linux 2.2. It is a rewrite of the older ipfwadm, used for configuring packet filtering, ip masquerading and other parts of a firewall, under linux."
"To use ipchains, you need support in the kernel. Specifically, you need at least support for the following options:
CONFIG_FIREWALL=y CONFIG_IP_FIREWALL=yipchains allows you to manage rules in the kernel packet filtering area, by adding or deleting rules from various chains. A chain is simply a set of rules that decide what to do with each packet as it traverses the chain, hence the name. By default, there are 3 chains: the input chain, the forward chain, and the output chain. When a chain goes though the firewall, it first goes through the input chain to see if it is allowed it. After this, we have the routing decision, and if the packet isn't local, i.e. destined for a different machine, it goes though the forward chain. Then, just before the packet leaves the machine, it goes through the output chain."