Linux Networking Basics: iptables Command (Linux网络基础:iptables指令)

A Zhihu blog post about the iptables command, netfilter hooks, Linux packet-processing tables and chains, and practical access-control rules for Docker bridge networking.

This article explains how packets pass through the PREROUTING, INPUT, FORWARD, OUTPUT, and POSTROUTING hooks, how the raw, mangle, nat, filter, and security tables work together, and why host firewalls may fail to block traffic exposed through Docker bridge mode. It also summarizes practical solutions based on raw/PREROUTING rules and the DOCKER-USER chain.