On Tue, 30 Mar 2004 08:48:16 +0100, Someone named Antony Stone <Antony@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Monday 29 March 2004 11:56 pm, Cody Harris wrote:
>
> I think you've got it now. Great!
>
> The only thing I would comment on what you said above is the phrase "routing
> decision":
>
> Netfilter does not make routing decisions - the Linux kernel does that, even
> when you're not running netfilter. Netfilter simply adds the ability to
> drop some packets *instead* of routing them on (in the filter tables), or to
> change where they're addressed to (in the nat table), although note in the
> latter case it's still the kernel routing mechanism which decides how they
> get to their (new) destination.

So instead of changing the decision, it changes the packet to change the
routing decision? If we've covered the NAT table, what's the mangle table?

> I sometimes tell people "a firewall is a router which can say No".
>
> Regards,
>
> Antony.
>
> --
> How I want a drink, alcoholic of course, after the heavy chapters involving
> quantum mechanics.
>
> - 3.14159265358979
>
> Please reply to the list;
> please don't CC me.
>
>

--
+------------------+-----------------------------+
| Cody Harris      | --------------------------- |
| ---------------- | --------------------------- |
+------------------+-------+---------------------+---+
|                  *Sigh*. No key.                   |
+----------------------------------------------------+
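
An added illustration of the packet path discussed in this message (not part of the original e-mail, and not netfilter code): a small Python model in which the nat table only rewrites the destination, the kernel routing lookup picks the interface from whatever destination the packet then carries, and the filter table can only say no. All addresses, interface names, rules and function names are constructed for the example; "local" stands for delivery to the firewall itself, which is not modelled further.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

# Constructed kernel routing table: (prefix, outgoing interface).
ROUTES = [
    ("0.0.0.0/0", "eth0"),          # default route
    ("192.168.1.0/24", "eth1"),     # internal LAN
    ("10.0.0.0/24", "eth2"),        # DMZ
    ("203.0.113.1/32", "local"),    # the firewall's own public address
]
# Constructed nat-table PREROUTING rules: (dst, dport) -> new dst.
DNAT_RULES = {("203.0.113.1", 80): "10.0.0.5"}
# Constructed filter-table FORWARD rules, first match wins.
FILTER_RULES = [("10.0.0.0/24", 80, "ACCEPT"), ("0.0.0.0/0", None, "DROP")]

def nat_prerouting(pkt):
    """nat table: rewrite the destination address, nothing else."""
    new_dst = DNAT_RULES.get((pkt.dst, pkt.dport))
    return replace(pkt, dst=new_dst) if new_dst else pkt

def kernel_route(pkt):
    """Kernel routing: longest-prefix match on the packet's current dst."""
    addr = ipaddress.ip_address(pkt.dst)
    nets = [(ipaddress.ip_network(p), dev) for p, dev in ROUTES]
    matches = [(n, dev) for n, dev in nets if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def filter_forward(pkt):
    """filter table: ACCEPT or DROP; it never chooses the interface."""
    addr = ipaddress.ip_address(pkt.dst)
    for prefix, dport, verdict in FILTER_RULES:
        if addr in ipaddress.ip_network(prefix) and dport in (None, pkt.dport):
            return verdict
    return "ACCEPT"

def forward(pkt):
    """Return (packet after nat, interface), interface None if dropped."""
    pkt = nat_prerouting(pkt)       # 1. netfilter may change the packet
    dev = kernel_route(pkt)         # 2. the kernel decides where it goes
    if dev == "local":
        return pkt, dev             # local delivery, FORWARD not traversed
    if filter_forward(pkt) == "DROP":
        return pkt, None            # 3. netfilter may refuse to pass it on
    return pkt, dev
```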