Why does Fedora do this with iptables?

Michael Schwendt mschwendt at gmail.com
Wed Sep 12 01:43:39 UTC 2007


On 12/09/2007, Michael Klinosky <mpk2 at enter.net> wrote:
> Michael S.:
> > With iptables/netfilter, user-defined chains are *essential* for many
> > firewall implementation details. There are some things you cannot do
> > without using user-defined chains (e.g. a logical AND for certain
> > types of traffic). Get used to it.
>
> OK. But, why put everything into a U-D chain?

Why not? What's bad?

> I figure that the geek
> thing would be to have them for only that which needs it.

For the geek the jump into a user-defined chain is easier to switch
on/off and display/hide than an entire set of rules in a customised
built-in chain. With regard to a tool like system-config-firewall, it
can play in the user-defined chain as much as it likes.
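
The two points in this reply, as an added example that is not part of the original post: a small Python model of chain traversal in which a user-defined chain expresses "(source A or source B) AND (port 22 or port 443)", and a single jump from INPUT switches the whole rule set on or off. The chain names, addresses, ports and the ACCEPT policy are constructed, and the model treats every packet as TCP.

```python
# Toy model of netfilter chain traversal: an added illustration, not iptables itself.
# The same ruleset as iptables commands (chain names and addresses are constructed):
#   iptables -N SITE-FW; iptables -N ADMIN-SVC
#   iptables -A INPUT -j SITE-FW                       # the single switch
#   iptables -A SITE-FW -s 192.0.2.0/24    -j ADMIN-SVC
#   iptables -A SITE-FW -s 198.51.100.0/24 -j ADMIN-SVC
#   iptables -A SITE-FW -j DROP
#   iptables -A ADMIN-SVC -p tcp --dport 22  -j ACCEPT
#   iptables -A ADMIN-SVC -p tcp --dport 443 -j ACCEPT
from ipaddress import ip_address, ip_network

POLICY = "ACCEPT"  # assumed policy of the built-in INPUT chain

def rule(target, src=None, dport=None):
    """One rule: all of its matches must hold (AND); None matches anything."""
    return {"src": ip_network(src) if src else None, "dport": dport, "target": target}

def build(enabled=True):
    """enabled=False models `iptables -D INPUT -j SITE-FW`: one rule removed."""
    return {
        "INPUT": [rule("SITE-FW")] if enabled else [],
        "SITE-FW": [rule("ADMIN-SVC", src="192.0.2.0/24"),
                    rule("ADMIN-SVC", src="198.51.100.0/24"),
                    rule("DROP")],
        "ADMIN-SVC": [rule("ACCEPT", dport=22), rule("ACCEPT", dport=443)],
    }

def matches(r, pkt):
    return ((r["src"] is None or ip_address(pkt["src"]) in r["src"]) and
            (r["dport"] is None or pkt["dport"] == r["dport"]))

def traverse(chains, name, pkt):
    """Walk a chain in order. Return a verdict, or None if the chain ends
    without one, which sends the packet back to the calling chain."""
    for r in chains[name]:
        if not matches(r, pkt):
            continue
        if r["target"] in ("ACCEPT", "DROP"):
            return r["target"]
        result = traverse(chains, r["target"], pkt)  # jump into user-defined chain
        if result is not None:
            return result
    return None

def verdict(src, dport, enabled=True):
    return traverse(build(enabled), "INPUT", {"src": src, "dport": dport}) or POLICY

if __name__ == "__main__":
    for src, dport in (("192.0.2.7", 22), ("198.51.100.9", 443),
                       ("192.0.2.7", 25), ("203.0.113.5", 22)):
        print(src, dport, verdict(src, dport), verdict(src, dport, enabled=False))
```

With the jump removed, every packet falls through to the INPUT policy, so that policy decides whether switching the chain off opens or closes the host.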



