- 09-20-2012 #1
- Join Date
- Sep 2012
iptables and OUTPUT chain
I have been learning about iptables and I am looking at the default tables and the default chains within them. I would like to know why both the FILTER and NAT tables have an OUTPUT chain. According to my research, rules added to the OUTPUT chain will affect outgoing packets that were generated by the local machine. This seems to be the case for the OUTPUT chain in both tables. So why have them in both? Is it simply a difference in the order in which the chains are executed? Is there some advantage of altering the OUTPUT chain in one table as opposed to the other?
- 09-29-2012 #2
- Join Date
- Jan 2012
You would have OUTPUT chain rules for the FILTER table to make sure that you can send packets back out on established connections, or if you want to block certain traffic going out of the host. For instance, if you are using the box as a gateway router, you could block MySQL packets going out the WAN interface. The NAT table is there for the same reason.
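
An added example, not written by either poster and going a little beyond the thread: a toy Python model of how a locally generated packet passes through the nat table's OUTPUT chain (which can rewrite the destination) before the filter table's OUTPUT chain (which decides ACCEPT or DROP). The addresses, the `eth0` interface, the rules, and the assumption that both addresses route out the same interface are constructed for illustration.

```python
# Toy model of the OUTPUT hook for locally generated packets (added illustration).
# Netfilter runs nat/OUTPUT (priority -100) before filter/OUTPUT (priority 0):
# nat rewrites addresses, filter decides the verdict on the rewritten packet.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    dst: str
    dport: int
    out_if: str  # assumption: routing picks the same interface after DNAT

# Constructed rule, equivalent in spirit to:
#   iptables -t nat -A OUTPUT -d 192.0.2.10 -p tcp --dport 3306 \
#            -j DNAT --to-destination 198.51.100.5:3306
NAT_OUTPUT = [({"dst": "192.0.2.10", "dport": 3306}, ("198.51.100.5", 3306))]

# Constructed filter rules. The first names the pre-DNAT address and so never
# matches a translated packet; the second names the post-DNAT address.
FILTER_ON_ORIGINAL = [({"dst": "192.0.2.10", "dport": 3306, "out_if": "eth0"}, "DROP")]
FILTER_ON_TRANSLATED = [({"dst": "198.51.100.5", "dport": 3306, "out_if": "eth0"}, "DROP")]

def matches(pkt, cond):
    return all(getattr(pkt, field) == value for field, value in cond.items())

def nat_output(pkt):
    """nat/OUTPUT: may rewrite the destination (DNAT); it is not used to drop."""
    for cond, (new_dst, new_port) in NAT_OUTPUT:
        if matches(pkt, cond):
            return replace(pkt, dst=new_dst, dport=new_port)
    return pkt

def filter_output(pkt, rules, policy="ACCEPT"):
    """filter/OUTPUT: first matching rule gives the verdict, else chain policy."""
    for cond, verdict in rules:
        if matches(pkt, cond):
            return verdict
    return policy

def traverse_output(pkt, filter_rules):
    """Run the two OUTPUT chains in kernel order: nat first, then filter."""
    rewritten = nat_output(pkt)
    return rewritten, filter_output(rewritten, filter_rules)

if __name__ == "__main__":
    pkt = Packet("192.0.2.10", 3306, "eth0")
    print(traverse_output(pkt, FILTER_ON_ORIGINAL))
    print(traverse_output(pkt, FILTER_ON_TRANSLATED))
```

When auditing egress rules on a host that also does DNAT in OUTPUT, check that filter rules are written against the translated destination, since that is what the filter chain sees.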