Bug 79516 - Official Redhat Security Guide has some misinformation
Official Redhat Security Guide has some misinformation
Product: Red Hat Web Site
Classification: Red Hat
Component: Documentation (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: John Ha
Tammy Fox
: Documentation, FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2002-12-12 12:06 EST by Richard Oatridge
Modified: 2014-08-04 18:14 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-12-12 12:17:30 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Richard Oatridge 2002-12-12 12:06:32 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)

Description of problem:
Documentation Page Reference : rhl-sg(EN)-8.0-HTML-RHI (2002-08-30T11:29-0400)


I was just reading the above document regarding security when I noticed some 
mistakes in the section entitled 'Using iptables'. 
The documentation states that the OUTPUT chain is used for packets travelling 
from an internal LAN to the internet (ie 'through' the firewall), this is not 
so. The OUTPUT chain is used *only* for packets originating from local 
processes on the iptables machine itself, likewise, the INPUT chain is used 
*only* for packets that are destined for processes running locally on the 
iptables machine itself. The FORWARD chain is used for *all* other packets ... 
including all packets that are going from one network to another, whichever way 
they travel through the machine (ie in the LAN<->Inet example above, either in 
a LAN->Inet fashion, or Inet->LAN) ..... sorry to be nit-picky, but it is an 
important distinction, and there are a lot of postings on the netfilter mailing 
list about this very point.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Just have a read ... ;)

Additional info:
Comment 1 John Ha 2002-12-12 12:56:35 EST
Thank you for the input. The firewall chapter will be revised with a clearer
distinction between INPUT, OUTPUT, and FORWARD chains to alleviate confusion and
prevent possible misconfiguration. 

Thanks again for the suggestion. The Security Guide will improve with each new
release due in large part to reader input like yours.

Note You need to log in before you can comment on or make changes to this bug.