On December 20, 2004 04:19 pm, R. DuFresne wrote:
> If I'm reading all this correctly then if set as both INPUT and FORWARD
> rules the FORWARD rules would become redundant and never be hit as the
> INPUT rules would be caught first and deal with what becomes of the
> packets, yes?

Mind the snippage:

INPUT is for *THIS MACHINE*
FORWARD is for THOSE OTHER MACHINES farther on down the network path.

Does that help clarify the concept a bit?

Anything local to this physical machine, be it IP address, interface, or
port ... so long as it is local to this host is passed through INPUT.

FORWARD is for those packets that are destined for other machines, that is,
need to be routed from a wire we see to another wire we see, to get to other
machines.

Alistair.
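The split described in the message above, as an added example that is not part of the original thread: a simplified Python model of the routing decision that sends an arriving packet to exactly one of INPUT or FORWARD. The host addresses, the ruleset and the function names are constructed for illustration; NAT, broadcast and multicast are ignored.

```python
import ipaddress

# Constructed sample: addresses owned by a two-interface firewall host.
LOCAL_ADDRS = {"192.0.2.1", "10.0.0.1", "127.0.0.1"}

# Constructed ruleset: ordered (dport, verdict) rules per chain, then the policy.
RULES = {
    "INPUT":   {"policy": "DROP", "rules": [(22, "ACCEPT")]},
    "FORWARD": {"policy": "DROP", "rules": [(80, "ACCEPT")]},
}

def routing_decision(dst, ip_forward=True):
    """Pick the filter chain for a packet arriving from the wire."""
    addr = ipaddress.ip_address(dst)
    if addr.is_loopback or str(addr) in LOCAL_ADDRS:
        return "INPUT"      # destined for this machine
    if ip_forward:
        return "FORWARD"    # destined for a machine farther down the path
    return None             # forwarding disabled: discarded, no chain is run

def verdict(dst, dport, ip_forward=True):
    """Return (chain traversed, final verdict) for one packet."""
    chain = routing_decision(dst, ip_forward)
    if chain is None:
        return (None, "DROP")
    for port, action in RULES[chain]["rules"]:
        if port == dport:   # first matching rule wins
            return (chain, action)
    return (chain, RULES[chain]["policy"])

if __name__ == "__main__":
    # SSH to the firewall itself hits INPUT; SSH to a host behind it
    # hits FORWARD only, so the INPUT rule for port 22 never sees it.
    for dst, dport in [("192.0.2.1", 22), ("10.0.0.5", 22),
                       ("10.0.0.5", 80), ("192.0.2.1", 80)]:
        print(dst, dport, verdict(dst, dport))
```

A service that must be reachable both on the firewall and on hosts behind it therefore needs a rule in each chain.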