Correct answer: B
Explanation
The netfilter table that contains built-in chains called INPUT, OUTPUT and FORWARD is the filter table.
The filter table is the default table for netfilter and iptables, and it is used to filter packets based on their source, destination, protocol, port, state, etc. The filter table has three built-in chains, which correspond to the netfilter hooks that trigger them:
INPUT: This chain is used to process incoming packets that are destined for the local system. The packets must have passed through the PREROUTING chain and the routing decision before reaching this chain.
OUTPUT: This chain is used to process outgoing packets that originate from the local system. The packets must have passed through the routing decision before reaching this chain.
FORWARD: This chain is used to process packets that are neither originated from nor destined for the local system, but are routed through the system. The packets must have passed through the PREROUTING and POSTROUTING chains and the routing decision before reaching this chain.
The filter table can have user-defined chains as well, which can be created with the -N option of the iptables command. User-defined chains can be used to organize rules and simplify the management of the firewall.
Rules can be added to any chain in the filter table with the -A option of the iptables command, and they can specify the target action to take if the packet matches the rule. The target can be one of the following:
ACCEPT: This target allows the packet to pass through the chain and continue to the next netfilter hook.
DROP: This target drops the packet and stops its processing.
REJECT: This target drops the packet and sends back an error message to the sender.
LOG: This target logs the packet information to the kernel log and continues to the next rule in the chain.
RETURN: This target returns from the current chain to the calling chain, or to the default policy if there is no calling chain.
A user-defined chain name: This target jumps to the user-defined chain and executes its rules until a terminal target (ACCEPT, DROP, REJECT, or RETURN) is reached or the end of the chain is reached.
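The target behaviour described above can be traced with a small model of rule evaluation. This is an added example, not netfilter or iptables code: the ruleset, the chain name SSH_IN and the addresses are constructed for illustration, and matching is simplified to exact field equality.

```python
# Added example: simplified model of filter-table rule evaluation (not netfilter code).
# Equivalent commands for the constructed ruleset:
#   iptables -P INPUT DROP
#   iptables -N SSH_IN
#   iptables -A INPUT  -p tcp --dport 22 -j SSH_IN
#   iptables -A INPUT  -p tcp --dport 22 -j REJECT
#   iptables -A INPUT  -p tcp --dport 80 -j ACCEPT
#   iptables -A SSH_IN -s 10.0.0.5 -j ACCEPT
#   iptables -A SSH_IN -s 10.0.0.9 -j RETURN
#   iptables -A SSH_IN -j LOG
#   iptables -A SSH_IN -j DROP
POLICIES = {"INPUT": "DROP"}            # only built-in chains have a policy
CHAINS = {
    "INPUT": [
        ({"proto": "tcp", "dport": 22}, "SSH_IN"),
        ({"proto": "tcp", "dport": 22}, "REJECT"),
        ({"proto": "tcp", "dport": 80}, "ACCEPT"),
    ],
    "SSH_IN": [
        ({"src": "10.0.0.5"}, "ACCEPT"),
        ({"src": "10.0.0.9"}, "RETURN"),
        ({}, "LOG"),
        ({}, "DROP"),
    ],
}
FINAL = {"ACCEPT", "DROP", "REJECT"}    # targets that end processing of the packet

def traverse(chain, packet, log):
    """Walk one chain; return a verdict, or None to hand control back to the caller."""
    for match, target in CHAINS[chain]:
        if any(packet.get(k) != v for k, v in match.items()):
            continue                     # rule does not match, try the next one
        if target in FINAL:
            return target
        if target == "LOG":              # non-terminating: record and keep going
            log.append(f"{chain}: {packet['src']} -> port {packet['dport']}")
        elif target == "RETURN":
            break                        # stop this chain early
        else:                            # jump into a user-defined chain
            verdict = traverse(target, packet, log)
            if verdict is not None:
                return verdict
    return POLICIES.get(chain)           # policy for built-in chains, None for user chains

def evaluate(packet):
    """Return (verdict, log_lines) for a packet arriving at the INPUT chain."""
    log = []
    return traverse("INPUT", packet, log), log
```

In this model a packet from 10.0.0.9 to port 22 leaves SSH_IN through RETURN and is then handled by the next INPUT rule, while a packet that matches no rule at all receives the INPUT policy.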