Hello, I am trying to make a packet go through the least amount of chains / tables as possible for performance. I have read through the online documentation about netfilter and this "Linux Firewalls Second Edition" book (which was ok). But I still have some questions about the order in which the tables are checked. Here is what I think happens when a pack comes in and should be forwarded to a internal machine Firewall External interface: Packet comes in: NAT table PREROUTING NAT talbe OUTPUT NAT table POSTROUTING filter table INPUT filter table OUTPUT or forward Then you would have the same thing when the packet leaves the internal interface. Of course this is if you break it down by interface first. Please let me know if this is correct ? -- Michael Gale Network Administrator Utilitran Corporation
