Find the answer to your Linux question:
Results 1 to 2 of 2
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    iptables and OUTPUT chain

    Hi all,

    I have been learning about iptables and I am looking at the default tables and the default chains within them. I would like to know why both the FILTER and NAT tables have an OUTPUT chain. According to my research, rules added to the OUTPUT chain will affect outgoing packets that were generated by the local machine. This seems to be the case for the OUTPUT chain in both tables. So why have them in both? Is it simply a difference in the order in which the chains are executed? Is there some advantage of altering the OUTPUT chain in one table as opposed to the other?

  2. #2
    Linux Newbie
    Join Date
    Jan 2012
    You would have OUTPUT chain rules for the FILTER table to make sure that you can send packets back out on established connections, or if you want to block certain traffic going out of the host. For instance, if you are using the box as a gateway router, you could block mysql packets going out the WAN interface. The NAT table is the same reason.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts