Timeline for What is the difference between OUTPUT and FORWARD chains in iptables?
Current License: CC BY-SA 4.0
7 events
| when | what | | by | license | comment |
|---|---|---|---|---|---|
| S Nov 17, 2019 at 23:06 | history | suggested | Johnathan J. | CC BY-SA 4.0 | corrected a typo. 'mnangling' should have been 'mangling'. I think. |
| Nov 17, 2019 at 22:16 | review | Suggested edits | | | |
| S Nov 17, 2019 at 23:06 | | | | | |
| Feb 4, 2016 at 7:14 | vote | accept | Mike B | | |
| Oct 18, 2013 at 8:20 | comment | added | Gilles 'SO- stop being evil' | | @Grizly No, from memory (I admit I haven't tested specifically when writing this answer) and according to the diagram I link to, a packet always goes through exactly one of the three filter chains (INPUT or OUTPUT or FORWARD). (Assuming some other chain doesn't drop it before.) The mangle and nat chains are different, maybe you were thinking of the mangle chain? |
| Oct 18, 2013 at 1:55 | comment | added | Grizly | | Not quite, packets that are "forwarded" are also "output" by the network interface.. just as packets are "input" before they are "forwarded".. Packet goes in, destined for foreign system, packet enters "forward" chain, iptables decides it's OK to forward, packet enters "output chain", iptables checks, sees it's "ok" to output, packet leaves.. simples! |
| Oct 18, 2013 at 0:09 | comment | added | Mike B | | Interesting... so for the purpose of my understanding, is it fair to say that OUTPUT is for packets that are "originating" from the system... and FORWARD is for packets that don't originate from the system or are destined for it and instead are going "through" the system? |
| Oct 17, 2013 at 23:43 | history | answered | Gilles 'SO- stop being evil' | CC BY-SA 3.0 | |