
iptables

Changelog

  • 2024-11-16: Init

Introduction

  • Userspace program for configuring Linux kernel firewall for IP packets
  • Network packets go through a series of firewall chains hosted in specific firewall tables
    • Available tables differ between kernel configurations
    • Commonly used ones are filter, nat and mangle
  • Typically coupled with iproute2 for routing
    • Most users have already used it without noticing; its commands include ip and ss

Quick commands

  • View all rules across all tables: iptables-save

Configuration

filter

nat

sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -A FORWARD -i wlan0 -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
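The three commands above do the job, but with the default ACCEPT policy on FORWARD the gateway also forwards traffic arriving from the WAN side into the LAN. The script below is an added example, not part of the wiki page: it emits the same NAT gateway as an iptables-restore ruleset with a DROP policy on FORWARD and an explicit return-path rule, and adds a small check that searches iptables-save output (the format the Quick commands section points at) for an exact rule in a given table. The interface names wlan0 (LAN) and eth0 (WAN) are assumptions taken from the snippet above.

```shell
#!/bin/sh
# Added example, not from the wiki page. Builds an iptables-restore ruleset for a
# NAT gateway and checks a dumped ruleset for a rule. Interface names are assumed.

# Emit a complete iptables-restore file for a NAT gateway.
# $1 = LAN (inside) interface, $2 = WAN (outside) interface.
# iptables-restore ignores lines starting with '#', so the comments can stay in.
nat_gateway_ruleset() {
    lan="$1"; wan="$2"
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Only forward connections that originate on the LAN side
-A FORWARD -i $lan -o $wan -j ACCEPT
# Let replies back in, but nothing the LAN did not initiate
-A FORWARD -i $wan -o $lan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Rewrite the source address of everything leaving on the WAN interface
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# Look for an exact rule line inside one table of an iptables-save dump read
# from stdin. $1 = table name (filter, nat, mangle, ...), $2 = rule line.
# Exit status 0 if the rule is present in that table, 1 otherwise.
ruleset_has_rule() {
    table="$1"; rule="$2"
    awk -v t="$table" -v r="$rule" '
        /^\*/ { cur = substr($0, 2) }        # "*nat" starts the nat table
        cur == t && $0 == r { found = 1 }
        END { if (found) exit 0; exit 1 }
    '
}

# On a real gateway (root required), load and verify like this:
#   sudo sysctl -w net.ipv4.ip_forward=1
#   nat_gateway_ruleset wlan0 eth0 | sudo iptables-restore
#   sudo iptables-save | ruleset_has_rule nat "-A POSTROUTING -o eth0 -j MASQUERADE" \
#       && echo "masquerade rule loaded"
```

Because the generated file and iptables-save share the same format, the check can be run offline against the generator's own output to confirm the rules land in the intended tables before anything is loaded into the kernel.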

mangle

Used to modify packet headers. The most common use case is marking packets for policy routing with the MARK target. The example below shows mail packets (TCP port 25) being sent by ip route through a separate routing table named mail:

# Set '1' mark on TCP packets headed to port 25
user:~$ iptables -t mangle ... -p tcp --dport 25 -j MARK --set-mark 1
 
# Create 'mail' table (with table ID 201) and add routing rule
user:~$ echo 201 mail >> /etc/iproute2/rt_tables
user:~$ ip route add default via 195.96.98.253 ... table mail
 
# Force packets with '1' mark to use the 'mail' routing table
user:~$ ip rule add fwmark 1 table mail

Other possible use cases

References

kb/intranet/platforms/linux/iptables.txt · Last modified: 7 days ago (16 November 2024) by justin