[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Why does Fedora do this with iptables?



Robert Nichols wrote:
Michael Klinosky wrote:
I have F7, and believe that FC6 also did this.

I'd like to know why Fedora creates a user-defined chain - "RH-Firewall-1-INPUT". Is that better than putting the rules into INPUT?

Note that the RH-Firewall-1-INPUT chain is called from two places.
Think about it.

I have, but it doesn't jump out why you would assume that you want to have the same INPUT and FORWARD rules. Perhaps some assumptions about how people use their systems, and certainly not always desirable for multi-homed systems, including running VMs with xen or kvm, and I can't imagine doing that on a firewall.

--
Bill Davidsen <davidsen tmr com>
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]