Iptables tables and chains
The Linux kernel uses the Netfilter facility to filter packets, allowing some of them to be received by or to pass through the system while stopping others. This facility is built into the Linux kernel and has five built-in tables (rule lists), as follows:

Filter: This is the default table for handling network packets.

NAT: This is used to alter packets that create a new connection, and is also used for Network Address Translation (NAT).

Mangle: This is for specific types of packet alteration.

Raw: This is mainly for configuring exemptions from connection tracking, in combination with the NOTRACK target.

Security: This is used for Mandatory Access Control (MAC) networking rules, such as those enabled by the SECMARK and CONNSECMARK targets.

Each table has a group of built-in chains, which correspond to the points at which Netfilter acts on the packet.
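As an added example (not part of the original text, and not an iptables tool), the script below parses the table/chain layout from an iptables-save style dump and reviews it: it maps each table to the built-in chains listed above, reports any built-in chain absent from the dump, and flags built-in filter chains whose default policy is ACCEPT. The dump is constructed for the example; the built-in chain sets are the standard ones for each table.

```python
# Built-in chains per table: the Netfilter hook points each table attaches to.
BUILTIN_CHAINS = {
    "filter": {"INPUT", "FORWARD", "OUTPUT"}, "security": {"INPUT", "FORWARD", "OUTPUT"},
    "nat": {"PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"}, "raw": {"PREROUTING", "OUTPUT"},
    "mangle": {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"}}

# Constructed iptables-save dump (not from a real host); filter omits its FORWARD chain.
SAMPLE_DUMP = """*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p udp --dport 53 -j NOTRACK
COMMIT
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
:SSH-GUARD - [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j SSH-GUARD
-A SSH-GUARD -m limit --limit 3/min -j ACCEPT
COMMIT
"""

def parse_iptables_save(dump):
    """Return {table: {chain: {"policy": str or None, "rules": [str]}}}."""
    tables, table = {}, None
    for line in dump.splitlines():
        if line.startswith("*"):                 # "*filter" opens a table block
            table = line[1:]
            tables[table] = {}
        elif line.startswith(":"):               # ":INPUT DROP [0:0]" declares a chain
            name, policy = line[1:].split()[:2]  # user-defined chains carry "-" as policy
            tables[table][name] = {"policy": None if policy == "-" else policy, "rules": []}
        elif line.startswith("-A "):             # "-A CHAIN ..." appends a rule to CHAIN
            tables[table][line.split()[1]]["rules"].append(line)
        elif line == "COMMIT":                   # closes the current table block
            table = None
    return tables

def audit(tables):
    """Defender-side review: built-in chains missing from the dump, permissive filter policies."""
    findings = []
    for table, chains in tables.items():
        for missing in sorted(BUILTIN_CHAINS.get(table, set()) - set(chains)):
            findings.append(f"{table}: built-in chain {missing} missing from dump")
        for name, info in chains.items():
            if table == "filter" and name in BUILTIN_CHAINS[table] and info["policy"] == "ACCEPT":
                findings.append(f"{table}: built-in chain {name} has default policy ACCEPT")
    return findings
```

Running `audit(parse_iptables_save(SAMPLE_DUMP))` on the constructed dump reports the missing FORWARD chain and the ACCEPT policy on OUTPUT; on a real host, feed it the output of iptables-save instead.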