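Iptables/Netfilter architecture diagram

[Figure: packet path between the client, the network interface card, kernel space, user space (application process), and other servers or networks. Labels: "Connection tracking enabled"; "Routing decision" with branches "destination address is the local host" and "destination address is not the local host". Table/chain boxes: raw (PREROUTING, OUTPUT); mangle (PREROUTING, INPUT, FORWARD, OUTPUT, POSTROUTING); nat DNAT (PREROUTING, OUTPUT); nat SNAT (INPUT, POSTROUTING); filter (INPUT, FORWARD, OUTPUT); security (INPUT, FORWARD, OUTPUT).]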