> https://netfilter.org/documentation/HOWTO/packet-filtering-HOWTO-6.html > , are you saying > > A program running on the box can send network packets. These packets > pass through the OUTPUT chain only if the INPUT chain allows it > > ? > > If you do, note my understanding of statement 4 at buttom of the link > is different. Am I wrong? You are correct. I was wrong. You can even see it in the flow diagram I linked [1]. Thank you for pointing that out! If it was on a separate router/firewall machine the reasoning would hold, I think. Please correct me if I am wrong! I guess, it is back to not understanding why blocking inbound connections would be a problem for outbound connections. Best, Christian [1]: https://en.wikipedia.org/wiki/Iptables#/media/File:Netfilter-packet-flow.svg
