Red Hat Bugzilla – Bug 79516
Official Redhat Security Guide has some misinformation
Last modified: 2014-08-04 18:14:11 EDT
Description of problem:
Documentation Page Reference : rhl-sg(EN)-8.0-HTML-RHI (2002-08-30T11:29-0400)
I was just reading the above document regarding security when I noticed some
mistakes in the section entitled 'Using iptables'.
The documentation states that the OUTPUT chain is used for packets travelling
from an internal LAN to the Internet (i.e. 'through' the firewall); this is not
so. The OUTPUT chain is used *only* for packets originating from local
processes on the iptables machine itself; likewise, the INPUT chain is used
*only* for packets that are destined for processes running locally on the
iptables machine itself. The FORWARD chain is used for *all* other packets,
including all packets that are going from one network to another, whichever way
they travel through the machine (i.e. in the LAN<->Inet example above, either in
a LAN->Inet fashion or Inet->LAN). Sorry to be nit-picky, but it is an
important distinction, and there are a lot of postings on the netfilter mailing
list about this very point.
Steps to Reproduce:
1. Just have a read ... ;)
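To make the INPUT/OUTPUT/FORWARD distinction concrete, here is an added example (not part of the bug report or of the Security Guide) that models which chain a packet traverses on a LAN/Internet router, and shows that a rule placed in OUTPUT never sees traffic forwarded from the LAN. The addresses and port numbers are constructed sample values, and the rule representation is a deliberate simplification of a real netfilter ruleset.

```python
"""Added example: which netfilter chain does a packet hit on a router with a
LAN side and an Internet side?  Addresses are constructed sample values."""
from dataclasses import dataclass

# Addresses owned by the firewall host itself (constructed: LAN side, WAN side).
LOCAL_ADDRS = {"192.168.1.1", "203.0.113.5"}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def chain_for(pkt: Packet, local_addrs=LOCAL_ADDRS) -> str:
    """INPUT only for packets to a local process, OUTPUT only for packets from
    a local process; everything routed through the box, in either direction,
    traverses FORWARD instead."""
    if pkt.dst in local_addrs:
        return "INPUT"
    if pkt.src in local_addrs:
        return "OUTPUT"
    return "FORWARD"


def verdict(pkt: Packet, rules: dict) -> str:
    """Apply only the rules of the chain this packet actually traverses.
    rules maps chain name -> list of (dport or None, action); policy ACCEPT."""
    for dport, action in rules.get(chain_for(pkt), []):
        if dport is None or dport == pkt.dport:
            return action
    return "ACCEPT"


# Intent: stop LAN clients from reaching telnet (23/tcp) on the Internet.
WRONG = {"OUTPUT": [(23, "DROP")]}    # what the guide's wording would suggest
RIGHT = {"FORWARD": [(23, "DROP")]}   # where LAN->Internet traffic is seen

LAN_TELNET = Packet("192.168.1.50", "198.51.100.9", 23)   # LAN host -> Internet
FW_TELNET = Packet("203.0.113.5", "198.51.100.9", 23)     # firewall -> Internet
TO_FW_SSH = Packet("198.51.100.9", "203.0.113.5", 22)     # Internet -> firewall

if __name__ == "__main__":
    for p in (LAN_TELNET, FW_TELNET, TO_FW_SSH):
        print(p, chain_for(p), verdict(p, WRONG), verdict(p, RIGHT))
```

With the OUTPUT-only rule the LAN host's telnet session is still accepted, because it never traverses OUTPUT; the same rule in FORWARD drops it while leaving the firewall's own traffic untouched.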
Thank you for the input. The firewall chapter will be revised with a clearer
distinction between INPUT, OUTPUT, and FORWARD chains to alleviate confusion and
prevent possible misconfiguration.
Thanks again for the suggestion. The Security Guide will improve with each new
release due in large part to reader input like yours.