Hello, netfilter@xxxxxxxxxxxxxx a écrit : > > In the following scenario. Someone makes a new HTTP request from the > Internet that is allowed inbound on eth0 and goes out of the eth1 > interface to the HTTP server in the server network. > The HTTP server in the server network sends the response to the original > requester. > > Does the response ever hit the INPUT chain of ETH1? No. > Or does it immediately go to the FORWARD chain Yes. > and out the OUTPUT chain of eth0. No. The three filter chains are mutually exclusive : a packet can only go through one of them. Forwarded packets only go through the FORWARD chain. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
