IP src/dest is used for routing decisions by the kernel. The IP state
machine (check the RFC or any decent TCP/IP textbook) is really quite
simple. But iptables sticks its nose into the center of that state
machine and can mangle addresses to change how packets flow through the
machine, or just simply yank packets right out of the machine with a
simple NO (drop).
So in my mind's eye, the IP state machine (my MSU CPS 410 prof was
death on state machines; turn in a perfectly executing assignment
without one and there went half your grade. See HIP for its state
machine) is dictated by iptables as to what it is allowed to route.
That just means iptables can influence routing by manipulating packet
headers. Routing is still controlled by the kernel.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos