I find that there are fix coded in firewalld that many default rules (and chains) that are meaning less, such as all ip in and all ip out in security iptable table. Why are they existed ? Can we remove them ? And I also find that the network performance will be improved if I rmmod some kernel modules, i.e. iptable_mangle.ko, iptable_security.ko. And for SuSEfirewall, there is NO such kos inserted. Why firewalld inserted them fixedly ? Will function be developed to dynamically remove such kos ?