Bug 79516 - Official Redhat Security Guide has some misinformation
Summary: Official Redhat Security Guide has some misinformation
Alias: None
Product: Red Hat Web Site
Classification: Red Hat
Component: Documentation
Version: current
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: John Ha
QA Contact: Tammy Fox
Depends On:
TreeView+ depends on / blocked
Reported: 2002-12-12 17:06 UTC by Richard Oatridge
Modified: 2014-08-04 22:14 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Last Closed: 2002-12-12 17:17:30 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Richard Oatridge 2002-12-12 17:06:32 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)

Description of problem:
Documentation Page Reference : rhl-sg(EN)-8.0-HTML-RHI (2002-08-30T11:29-0400)


I was just reading the above document regarding security when I noticed some 
mistakes in the section entitled 'Using iptables'. 
The documentation states that the OUTPUT chain is used for packets travelling 
from an internal LAN to the internet (ie 'through' the firewall), this is not 
so. The OUTPUT chain is used *only* for packets originating from local 
processes on the iptables machine itself, likewise, the INPUT chain is used 
*only* for packets that are destined for processes running locally on the 
iptables machine itself. The FORWARD chain is used for *all* other packets ... 
including all packets that are going from one network to another, whichever way 
they travel through the machine (ie in the LAN<->Inet example above, either in 
a LAN->Inet fashion, or Inet->LAN) ..... sorry to be nit-picky, but it is an 
important distinction, and there are a lot of postings on the netfilter mailing 
list about this very point.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Just have a read ... ;)

Additional info:

Comment 1 John Ha 2002-12-12 17:56:35 UTC
Thank you for the input. The firewall chapter will be revised with a clearer
distinction between INPUT, OUTPUT, and FORWARD chains to alleviate confusion and
prevent possible misconfiguration. 

Thanks again for the suggestion. The Security Guide will improve with each new
release due in large part to reader input like yours.

Note You need to log in before you can comment on or make changes to this bug.