Robert Nichols wrote:
I have, but it doesn't jump out why you would assume that you want to have the same INPUT and FORWARD rules. Perhaps some assumptions about how people use their systems, and certainly not always desirable for multi-homed systems, including running VMs with xen or kvm, and I can't imagine doing that on a firewall.Michael Klinosky wrote:I have F7, and believe that FC6 also did this.I'd like to know why Fedora creates a user-defined chain - "RH-Firewall-1-INPUT". Is that better than putting the rules into INPUT?Note that the RH-Firewall-1-INPUT chain is called from two places. Think about it.
-- Bill Davidsen <davidsen tmr com> "We have more to fear from the bungling of the incompetent than from the machinations of the wicked." - from Slashdot