信息包

在信息包过滤表中，规则被分组放在我们所谓的链（chain）中。

Inside the packet filtering tables the rules are grouped together in what are known as chains .

filter表用于一般的信息包过滤，它包含INPUT、OUTPUT和FORWARD链。

The filter table is used for general packet filtering and consists of INPUT , OUTPUT , and FORWARD chains .

我们给所有潜在的客户都发了信息包。

We send all potential clients an infopack .

处理入站信息包的规则被添加到INPUT链中。

Rules dealing with incoming packets are added to the INPUT chain .

类似的，源自外部系统并前往外部系统的信息包被传递到FORWARD链。

Similarly , packets originating from outside systems and destined for outside systems are passed on to the FORWARD chain .

理想的策略应该告诉内核DROP该信息包。

Ideally the policy should tell the kernel to DROP that packet .

这意味着，将丢弃所有与INPUT链中任何规则都不匹配的信息包。

That means all the packets not matching any rule in the INPUT chain will be dropped .

最后，RELATED表示该信息包正在启动新连接，以及它与已建立的连接相关联。

Finally , RELATED means that the packet is starting a new connection and it is associated with an already established connection .

这些规则存储在专用的信息包过滤表中，而这些表集成在Linux内核中。

These rules are stored in special-purpose packet filtering tables integrated in the Linux kernel .

还可以使用目标DROP或REJECT来阻塞并杀死信息包。

A packet can also be blocked and killed using target DROP or REJECT .

状态NEW意味着该信息包已经或将启动新的连接，或者它与尚未用于发送和接收信息包的连接相关联。

The state NEW means that the packet has or will start a new connection or that it is associated with a connection that has not been used to both send and receive packets .

如果某个信息包与规则匹配，那么使用目标ACCEPT允许该信息包通过。

If a packet matches a rule , the packet can be allowed to pass through using target ACCEPT .

d或&destination：该目的地匹配用于根据信息包的目的地IP地址来与它们匹配。

D or & destination : This destination match is used to match packets based on their destination IP address .

如果链是如INPUT之类的主链，则使用该链的缺省策略处理信息包。

If the chain is a main chain like INPUT , the packet will be handled using the default policy of that chain .

RETURN：在规则中设置的RETURN目标让与该规则匹配的信息包停止遍历包含该规则的链。

RETURN : The RETURN target set in a rule makes the packet matching that rule stop traversing through the chain containing the rule .

ip哄骗攻击是消息发送人强迫一个源ip地址（不是正当的）进入一个信息包时发生的

An IP spoof attack is when the message originator forces a source IP address other than the correct one into a packet

状态ESTABLISHED指出该信息包属于已建立的连接，该连接一直用于发送和接收信息包并且完全有效。

The state ESTABLISHED indicates that the packet is part of an already established connection that has been used to both send and receive packets and is fully valid .

另外，REJECT将错误消息发回给信息包的发送方。

Also , REJECT sends back an error message to the sender of the packet .

GML（n，1）模型的信息包容量丰富，适用范围广泛。

Furthermore GML ( n , 1 ) model is rich in information and can be used widely .

跟XML一样，Agavi不会自动将JSON信息包转换成请求参数。

As with XML , Agavi will not automatically convert JSON packets into request parameters .

开发打包设计和迁移计划功能负责开发新的信息包（IP）设计和详细的迁移计划和原型以执行管理模块的政策和指令。

The Develop Packaging Designs and Migration Plans function develops new IP designs and detailed migration plans and prototypes , to implement Administration policies and directives .

介绍USB通用串行总线检测信息包错误的方法，分析USB对传输错误的处理过程。

The method of error detecting in USB is introduced in this paper , and analysed the mechanism of USB handling errors .

WS-Security规范采用SOAP信息包结构，其实现的安全性是SOAP安全性规范的扩展。

WS - Security adopts the structure of SOAP messages , its safety is of expansion of SOAP safety .

DROP：当信息包与具有DROP目标的规则完全匹配时，会阻塞该信息包，并且不对它做进一步处理。

DROP : A packet that matches a rule perfectly that has a DROP target will be blocked and no further processing will be done on it .

当一个评论发送到你的网络博客上的时候，IP地址包含在一个信息包中，这个信息包与评论一起出现在网络上。

When a comment is sent to your weblog , the IP address is included in the packet of information that travels with that comment across the internet .

网络流量由IP信息包（或，简称信息包）以流的形式从源系统传输到目的地系统的一些小块数据组成。

Network traffic is made up of IP packets or simply packets & small chunks of data traveling in streams from a source system to a destination system .

一个提交信息包（SIP）也可能包括多个存档信息包（AIP）中的信息。

A single SIP may contain information that is to be included in several AIPs .

大约在Bob实施攻击一分钟之后，我注意到信息包逐渐占满了上行链路。

About a minute or so after Bob begins his attack , I notice that my uplinks start becoming saturated with packets .

INVALID状态指出该信息包与任何已知的流或连接都不相关联，它可能包含错误的数据或头。

INVALID state indicates that the packet is not associated with any known stream or connection and it may contain faulty data or headers .

如果信息包源自外界并前往系统，而且防火墙是打开的，那么内核将它传递到内核空间信息包过滤表的INPUT链。

If the packet originated from outside and is destined for the system and the firewall is on , the kernel passes it on to the INPUT chain of the kernelspace packet filtering table .