On 11.08.21 at 16:12, Harry S wrote:
Hello, I'm unable to understand why in Netfilter there are no INPUT versus FORWARD chain choices right after the packet has traversed the OUTPUT chain? Currently, a locally-generated packet goes straight from OUTPUT to POSTROUTING! Let's say a process on a router host generates a packet. This packet goes to the OUTPUT chain, following which a routing decision is made. Now, this packet could be destined either for the loopback interface, or for one of the host's many ethernet interfaces. If so, why shouldn't Netfilter bring the packet to the same INPUT / FORWARD decision-fork in the path that exists for an incoming packet soon after it has crossed PREROUTING?
Because it did not enter from the network, nor is it forwarded, which means you are a middlebox.