Why does Fedora do this with iptables?

Bill Davidsen davidsen at tmr.com
Thu Sep 20 21:56:12 UTC 2007


Robert Nichols wrote:
> Michael Klinosky wrote:
>> I have F7, and believe that FC6 also did this.
>>
>> I'd like to know why Fedora creates a user-defined chain - 
>> "RH-Firewall-1-INPUT". Is that better than putting the rules into INPUT?
> 
> Note that the RH-Firewall-1-INPUT chain is called from two places.
> Think about it.
> 
I have, but it doesn't jump out why you would assume that you want to 
have the same INPUT and FORWARD rules. Perhaps some assumptions about 
how people use their systems, and certainly not always desirable for 
multi-homed systems, including running VMs with xen or kvm, and I can't 
imagine doing that on a firewall.

-- 
Bill Davidsen <davidsen at tmr.com>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot
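
An added example, not part of the original message or of Fedora's own tooling: a small audit that reads `iptables-save`-format text and lists the user-defined filter chains reachable from both INPUT and FORWARD, which is the arrangement discussed in this thread. The sample ruleset is constructed for illustration and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in iptables-save format (not copied from a real host).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_filter(text):
    """Return (user_chains, jumps) for the filter table; jumps maps chain -> targets."""
    user, jumps, table = set(), defaultdict(set), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]                      # table header, e.g. "*filter" or "*nat"
        if table != "filter":
            continue
        chain = re.match(r":(\S+)\s+(\S+)", line)
        rule = re.match(r"-A\s+(\S+).*?\s-[jg]\s+(\S+)", line)
        if chain and chain.group(2) == "-":       # policy "-" marks a user-defined chain
            user.add(chain.group(1))
        elif rule:
            jumps[rule.group(1)].add(rule.group(2))
    return user, jumps

def reachable(start, user, jumps):
    """User-defined chains reachable from a built-in chain, following nested jumps."""
    seen, stack = set(), [start]
    while stack:
        for target in jumps[stack.pop()]:
            if target in user and target not in seen:
                seen.add(target)
                stack.append(target)
    return seen

def shared_chains(text):
    """Chains whose rules apply to both local (INPUT) and routed (FORWARD) traffic."""
    user, jumps = parse_filter(text)
    return sorted(reachable("INPUT", user, jumps) & reachable("FORWARD", user, jumps))

if __name__ == "__main__":
    print(shared_chains(SAMPLE))
```

On a router, multi-homed host or VM host, any chain this reports is a place where a rule meant for local services also decides forwarded traffic, so those chains are the ones to review or split.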



