Following up to myself... > Then that's where our impression differs. I have thought up > to now that > INPUT is hit before PREROUTING before FORWARD before > POSTROUTING before > OUTPUT. And that a packet may stop being processed between > PREROUTING and > FORWARD as well as between POSTROUTING and OUTPUT. > > I may check the one NATing firewall I have running.. later. I just did check that machine and you're right, I was wrong. So INPUT and OUTPUT rules shouldn't be required in the case we're discussing. Cheers, Tobias
