INPUT or FORWARD;;
Alistair Tonner
Alistair at nerdnet.ca
Tue Dec 21 07:44:40 CET 2004
On December 20, 2004 04:19 pm, R. DuFresne wrote:
> If I'm reading all this correctly then if set as both INPUT and FORWARD
> rules the FORWARD rules would become redundant and never be hit as the
> INPUT rules would be caught first and deal with what becomes of the
> packets, yes?
Mind the snippage:
INPUT is for *THIS MACHINE*
FORWARD is for THOSE OTHER MACHINES farther on down the network path.
Does that help clarify the concept a bit? Anything local to this physical
machine, be it IP address, interface, or port ... so long as it is local to
this host is passed through INPUT. FORWARD is for those packets that are
destined for other machines, that is, they need to be routed from a wire we see to
another wire we see, to get to other machines.
Alistair.
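
The INPUT/FORWARD split described in the message above, as an added example that is not part of the original post: a small model of the routing decision netfilter makes for a received packet. The host addresses, the function names and the `dnat` parameter are assumptions made for illustration; the DNAT case goes slightly beyond the post to show that the destination after nat PREROUTING is the one that selects the chain.

```python
import ipaddress

# Constructed sample host: a router with one address on each of two wires.
LOCAL_ADDRS = frozenset(map(ipaddress.ip_address, ("192.0.2.1", "10.0.0.1")))

def filter_chain(dst, local_addrs=LOCAL_ADDRS, ip_forward=True, dnat=None):
    """Filter-table chain for a packet *received* on an interface.

    dst         destination address as it arrived on the wire
    local_addrs every address configured on this host, on any interface
    ip_forward  state of net.ipv4.ip_forward
    dnat        optional {original_dst: new_dst} rewrites done in nat PREROUTING
    Returns "INPUT", "FORWARD", or None when routing discards the packet.
    """
    dst = ipaddress.ip_address(dst)
    # nat PREROUTING runs before the routing decision, so a rewritten
    # destination is what decides the chain.
    if dnat:
        dst = ipaddress.ip_address(dnat.get(str(dst), str(dst)))
    if dst in local_addrs:
        return "INPUT"       # for *this machine*
    if ip_forward:
        return "FORWARD"     # routed on to some other machine
    return None              # not local, and this host is not routing

def trace(packets, **host):
    """Map each destination address to the chain that sees it."""
    return {p: filter_chain(p, **host) for p in packets}

if __name__ == "__main__":
    sample = ["192.0.2.1", "10.0.0.1", "10.0.0.25", "198.51.100.7"]
    for dst, chain in trace(sample).items():
        print(f"{dst:>14} -> {chain}")
```

A received packet is seen by exactly one of the two chains, so a rule placed in INPUT never shadows a rule in FORWARD; each chain needs its own policy.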