From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)

Description of problem:
Documentation Page Reference: rhl-sg(EN)-8.0-HTML-RHI (2002-08-30T11:29-0400)

Hi, I was just reading the above document regarding security when I noticed some mistakes in the section entitled 'Using iptables'.

The documentation states that the OUTPUT chain is used for packets travelling from an internal LAN to the internet (i.e. 'through' the firewall); this is not so. The OUTPUT chain is used *only* for packets originating from local processes on the iptables machine itself. Likewise, the INPUT chain is used *only* for packets that are destined for processes running locally on the iptables machine itself. The FORWARD chain is used for *all* other packets ... including all packets that are going from one network to another, whichever way they travel through the machine (i.e. in the LAN<->Inet example above, either in a LAN->Inet fashion, or Inet->LAN) ...

Sorry to be nit-picky, but it is an important distinction, and there are a lot of postings on the netfilter mailing list about this very point.

Version-Release number of selected component (if applicable):

How reproducible: Always

Steps to Reproduce:
1. Just have a read ... ;)
2.
3.

Additional info:
Thank you for the input. The firewall chapter will be revised with a clearer distinction between INPUT, OUTPUT, and FORWARD chains to alleviate confusion and prevent possible misconfiguration. Thanks again for the suggestion. The Security Guide will improve with each new release due in large part to reader input like yours.
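The chain distinction raised in the report, as an added example that is not part of the original thread or the Security Guide: a small Python model of which filter-table chains a packet traverses on the firewall. The names `Packet` and `filter_chains`, the interface names and all addresses are constructed for illustration, and the model ignores NAT rewriting the destination before the routing decision.

```python
import ipaddress
from collections import namedtuple

# in_iface is None for a packet created by a process on the firewall itself.
Packet = namedtuple("Packet", "src dst in_iface")

# Constructed topology (assumption): eth0 faces the Internet, eth1 the LAN.
FIREWALL_ADDRS = ("127.0.0.1", "192.168.1.1", "203.0.113.1")


def filter_chains(pkt, local_addrs=FIREWALL_ADDRS, ip_forward=True):
    """Return the filter-table chains the packet traverses, in order."""
    local = {ipaddress.ip_address(a) for a in local_addrs}
    dst = ipaddress.ip_address(pkt.dst)
    dst_is_local = dst in local or dst.is_loopback

    if pkt.in_iface is None:
        # Locally generated: OUTPUT first; if it is addressed to the box
        # itself it loops back and is then seen by INPUT as well.
        return ["OUTPUT", "INPUT"] if dst_is_local else ["OUTPUT"]
    if dst_is_local:
        return ["INPUT"]
    # Routed through the box: FORWARD, in either direction. With forwarding
    # disabled the kernel drops the packet before any filter chain sees it.
    return ["FORWARD"] if ip_forward else []


# Constructed sample packets covering each case from the report.
SAMPLES = {
    "LAN host -> Internet": Packet("192.168.1.10", "198.51.100.7", "eth1"),
    "Internet -> LAN host": Packet("198.51.100.7", "192.168.1.10", "eth0"),
    "LAN host -> firewall": Packet("192.168.1.10", "192.168.1.1", "eth1"),
    "firewall -> Internet": Packet("203.0.113.1", "198.51.100.7", None),
    "firewall -> itself": Packet("127.0.0.1", "127.0.0.1", None),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:22} {' -> '.join(filter_chains(pkt))}")
```

A rule meant to restrict LAN clients' outbound traffic therefore belongs in FORWARD; placed in OUTPUT it only ever matches traffic from the firewall's own processes.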