Pinehead.com: iptables Tutorial

[ Thanks to Kenshi for this link. ]

“I’m sure many of you have been wondering how to use
iptables to set up a basic firewall. I was wondering the same thing
for a long time until I recently figured it out. I’ll try to
explain the basics to at least get you started.

First you need to know how the firewall treats packets leaving,
entering, or passing through your computer. Basically there is a
chain for each of these. Any packet entering your computer goes
through the INPUT chain. Any packet that your computer sends out to
the network goes through the OUTPUT chain. Any packet that your
computer picks up on one network and sends to another goes through
the FORWARD chain. The chains are half of the logic behind iptables
themselves.

Now the way that iptables works is that you set up certain rules
in each of these chains that decide what happens to packets of data
that pass through them. For instance, if your computer was to send
out a packet to www.yahoo.com to request an HTML page, it would
first pass through the OUTPUT chain. The kernel would look through
the rules in the chain and see if any of them match. The first one
that matches will decide the outcome of that packet. If none of the
rules match, then the policy of the whole chain will be the final
decision maker. Then whatever reply Yahoo! sent back would pass
through the INPUT chain. It’s no more complicated than that.”
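
The chain selection and first-match evaluation described in the excerpt, as an added Python sketch that is not code from the Pinehead tutorial. It is a simplified model with only terminating ACCEPT/DROP targets; the addresses, ports and rule set are constructed, and `LOCAL`, `Rule`, `Chain`, `TABLE`, `pick_chain` and `filter_packet` are hypothetical names.

```python
from dataclasses import dataclass, field

LOCAL = {"192.0.2.10"}  # constructed address of "your computer"

@dataclass
class Rule:
    target: str                                # "ACCEPT" or "DROP"
    match: dict = field(default_factory=dict)  # header field -> required value

    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.match.items())

@dataclass
class Chain:
    policy: str                                # used when no rule matches
    rules: list = field(default_factory=list)

    def decide(self, pkt):
        # Rules are checked top to bottom; the first match ends the walk.
        for index, rule in enumerate(self.rules):
            if rule.matches(pkt):
                return rule.target, index
        return self.policy, None               # None: the policy decided

def pick_chain(pkt):
    # Sent by this host -> OUTPUT, addressed to it -> INPUT, else FORWARD.
    if pkt["src"] in LOCAL:
        return "OUTPUT"
    return "INPUT" if pkt["dst"] in LOCAL else "FORWARD"

# Constructed rule set. INPUT rule 2 never fires: rule 1 drops that TCP first.
TABLE = {
    "INPUT": Chain("DROP", [
        Rule("ACCEPT", {"proto": "tcp", "dport": 22}),
        Rule("DROP", {"proto": "tcp"}),
        Rule("ACCEPT", {"proto": "tcp", "dport": 80}),
    ]),
    "OUTPUT": Chain("ACCEPT"),
    "FORWARD": Chain("DROP"),
}

def filter_packet(pkt):
    chain = pick_chain(pkt)
    verdict, index = TABLE[chain].decide(pkt)
    return chain, verdict, index

if __name__ == "__main__":
    for dport in (22, 80):
        pkt = {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "dport": dport}
        print(dport, filter_packet(pkt))
```

The port 80 ACCEPT is present but shadowed by the broader DROP above it, so rule order, not rule presence, decides the outcome.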
