Router iptables structure (fw 4.0.0+).
mangle PREROUTING
|
|-> pre (WAN interfaces only)
|
|-> pre_ipsec - ACCEPT rules for IPsec tunnels
|
|-> pre_fw - RETURN/DROP rules based on firewall configuration
|
|-> pre_lim - RETURN/DROP rules based on firewall configuration
|
|-> pre_nat - ACCEPT rules based on NAT configuration
|
|-> pre_sys - DROP rules for disabled default system services
nat PREROUTING
|
|-> pre (WAN interfaces only)
|
|-> pre_ipsec - DNAT rules for IPsec tunnels
|
|-> pre_nat - DNAT rules based on NAT configuration
|
|-> pre_sys - ACCEPT/REDIRECT rules for enabled default system services
|
|-> pre_srv - ACCEPT rules for enabled optional system services
| |
| |-> srv_...
| |-> srv_...
| |-> srv_...
|
|-> pre_mod - ACCEPT rules for installed user modules
| |
| |-> mod_...
| |-> mod_...
| |-> mod_...
|
|-> pre_def - DNAT rule based on NAT configuration
nat POSTROUTING
|
|-> post (WAN interfaces only)
|
|-> post_ipsec - ACCEPT/SNAT rules for IPsec tunnels
|
|-> post_msq - MASQUERADE rule based on NAT configuration
filter INPUT
|
|-> in
|
|-> in_sys - ACCEPT rules for all default system services
|
|-> in_srv - ACCEPT rules for enabled optional system services
| |
| |-> srv_...
| |-> srv_...
| |-> srv_...
|
|-> in_mod - ACCEPT rules for installed user modules
  |
  |-> mod_...
  |-> mod_...
  |-> mod_...
filter FORWARD
|
|-> fwd - ACCEPT/DROP rules based on firewall configuration
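
To check a running router against the layout above, the jump tree can be rebuilt from iptables-save output and compared with the documented sub-chains. The script below is an added example, not part of the router firmware; the sample dump, the interface name wan0 and the rule contents are constructed, and only the chain names come from this page.

```python
import re
from collections import defaultdict

# Constructed sample in iptables-save format (not from a real router);
# the interface name wan0 and the rule contents are assumptions.
SAMPLE = """\
*mangle
:PREROUTING ACCEPT [0:0]
:pre - [0:0]
:pre_ipsec - [0:0]
:pre_fw - [0:0]
-A PREROUTING -i wan0 -j pre
-A pre -j pre_ipsec
-A pre -j pre_fw
-A pre_fw -s 192.0.2.0/24 -j RETURN
-A pre_fw -j DROP
COMMIT
*filter
:INPUT ACCEPT [0:0]
:in - [0:0]
:in_sys - [0:0]
-A INPUT -j in
-A in -j in_sys
-A in_sys -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

RULE = re.compile(r"-A (\S+)\s(?:.*\s)?-[jg]\s+(\S+)")

def jump_tree(dump):
    """Map (table, chain) -> user-defined chains it jumps to, in rule order."""
    chains, tree, table = defaultdict(set), defaultdict(list), None
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.startswith(":"):
            chains[table].add(line[1:].split()[0])
        else:
            m = RULE.match(line)
            # Only targets declared as chains count; ACCEPT/DROP/DNAT do not.
            if m and m.group(2) in chains[table]:
                kids = tree[(table, m.group(1))]
                if m.group(2) not in kids:
                    kids.append(m.group(2))
    return dict(tree)

def missing_children(tree, table, chain, documented):
    """Documented sub-chains that the dump does not reach from `chain`."""
    return [c for c in documented if c not in tree.get((table, chain), [])]

if __name__ == "__main__":
    tree = jump_tree(SAMPLE)
    print(missing_children(tree, "mangle", "pre",
                           ["pre_ipsec", "pre_fw", "pre_lim", "pre_nat", "pre_sys"]))
```

A non-empty result means a documented sub-chain is not reachable from its parent in the dump, so the rules it is supposed to hold are never evaluated.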