Re: Why aren't INPUT and FORWARD chains available to a locally-generated packet?

On Wed, Aug 11, 2021 at 8:02 PM Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:
>
> Am 11.08.21 um 16:12 schrieb Harry S:
> >
> > Let's say a process on a router host generates a packet. This packet
> > goes to the OUTPUT chain, following which a routing decision is made.
> > Now, this packet could be destined either for the loopback interface,
> > or for one of the host's many ethernet interfaces. If so, why
> > shouldn't Netfilter bring the packet to the same INPUT / FORWARD
> > decision-fork in the path that exists for an incoming packet soon
> > after it has crossed PREROUTING?
>
> because it did not enter from the network nor is it forwarded which
> means you are a middlebox

True, it didn't enter the network stack from the 'wire', but shouldn't
the routing and table/chain semantics apply to it equally? For, an
application running on the same host won't care where the packet came
from: from the wire, or from another local process?


