-1

I am new to iptables and a bit confused. What I would like to know is, for example, if I need to block a certain IP from accessing my server, should I add the rule to the mangle table or the filter table to block the IP address?

Currently I block the IP in the filter table. Is that correct?

More generally, when should we use the filter table, nat table, mangle table and raw table? I went through the iptables docs, but I find them confusing.

alexwlchan
  • 107
  • 1
  • 7
john
  • 45
  • 1
  • 7

1 Answer

2

The filter table is for, well, filtering... so to block a host that is the correct table.

The nat table is for all things related to performing NAT actions, like the name indicates.

The mangle table is for modifying packets in whatever way (besides NAT), e.g. changing the ToS (Type of Service) or marking the packet for routing purposes.

The raw table is processed first, and can be used to configure exemptions from connection tracking. It's also a useful place to block packets when dealing with a DoS (Denial of Service) as dropping the packet as soon as possible minimizes the necessary processing power.

wurtel
  • 3,864
  • 12
  • 15
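Here is an added example (not part of the answer above) that puts the advice into an iptables-restore ruleset: the ordinary block goes in the filter table, the raw table is only used for the early drop in the DoS case, and the mangle table only marks packets. The address 203.0.113.5 and the mark value 0x1 are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the original Q&A. Builds an iptables-restore
# ruleset that places each job in the table the answer describes.
# 203.0.113.5 and the mark 0x1 are assumed/constructed values.

# Minimal dotted-quad check so a typo does not become a rule.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print a ruleset for blocking one host.
# $1 = IPv4 address to block; $2 = "dos" to also drop it in the raw table.
gen_ruleset() {
    ip="$1"
    mode="${2:-normal}"
    valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }

    if [ "$mode" = "dos" ]; then
        cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
# raw: first table hit; dropping here avoids conntrack work for the flood
-A PREROUTING -s $ip -j DROP
COMMIT
EOF
    fi
    cat <<EOF
*mangle
:PREROUTING ACCEPT [0:0]
# mangle: modify or mark packets, not filter them (mark can drive policy routing)
-A PREROUTING -s $ip -j MARK --set-mark 0x1
COMMIT
*filter
:INPUT ACCEPT [0:0]
# filter: the normal place for the allow/deny decision
-A INPUT -s $ip -j DROP
COMMIT
EOF
}

# Usage (as root): gen_ruleset 203.0.113.5 | iptables-restore -n
# (-n/--noflush appends to the existing rules instead of replacing them)
```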