On Wednesday 23 October 2002 1:15 pm, Gavin wrote:

> Would I be right in thinking that the OUTPUT chain only filters traffic
> originating from the firewall box itself, and that any traffic coming from
> your clients would fall into the FORWARD chain? If that is the case, then
> filtering OUTPUT would have no effect on your users' ability to surf, mail
> etc, but only on the firewall box's ability to generate traffic.

Yes, you are correct in this understanding of what the OUTPUT and FORWARD chains are for, however I believe this thread started by asking about setting up rules in the OUTPUT chain to enable nmap to be used *from the box which the netfilter rules are on*. Therefore the packets being discussed are all locally generated anyway.

Antony.

-- 
All matter in the Universe can be placed into one of two categories:

1. things which need to be fixed
2. things which will need to be fixed once you've had a few minutes to play with them
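The OUTPUT/FORWARD distinction discussed in this message, as an added example that is not part of the original e-mail: a shell check over a constructed `iptables-save` listing that reports whether locally generated traffic and client traffic are each actually filtered. The function names and the sample ruleset are assumptions, and "restricted" is a simple heuristic (a non-ACCEPT policy or at least one rule in the chain).

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from the thread):
# OUTPUT is locked down while FORWARD is left open.
# On a real box use: RULES=$(iptables-save -t filter)
RULES='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p tcp --dport 80 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
COMMIT'

# chain_for KIND: the filter chain that sees outbound packets of that kind.
chain_for() {
    case "$1" in
        local)   echo OUTPUT ;;   # generated on the firewall box itself (e.g. nmap run there)
        clients) echo FORWARD ;;  # routed through the box on behalf of other hosts
        *)       return 1 ;;
    esac
}

# chain_summary CHAIN: print "<policy> <rule count>" for CHAIN in $RULES.
chain_summary() {
    printf '%s\n' "$RULES" | awk -v chain="$1" '
        BEGIN { policy = "-"; rules = 0 }
        $1 == (":" chain)         { policy = $2 }
        $1 == "-A" && $2 == chain { rules++ }
        END { printf "%s %d\n", policy, rules }'
}

# is_restricted KIND: succeed if the chain governing KIND has a non-ACCEPT
# policy or at least one rule (heuristic, see lead-in).
is_restricted() {
    set -- $(chain_summary "$(chain_for "$1")")
    [ "$1" != ACCEPT ] || [ "$2" -gt 0 ]
}

# Report both paths: OUTPUT rules say nothing about what clients can do.
for kind in local clients; do
    if is_restricted "$kind"; then state=filtered; else state="NOT filtered"; fi
    echo "$kind traffic ($(chain_for "$kind")): $state"
done
```

With the sample ruleset the report shows local traffic filtered and client traffic not filtered, which is the situation Gavin describes: tightening OUTPUT alone leaves forwarded traffic untouched.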