First you need to know how the firewall treats packets leaving, entering, or passing through your computer. Basically there is a chain for each of these paths. Any packet entering your computer goes through the INPUT chain. Any packet that your computer sends out to the network goes through the OUTPUT chain. Any packet that your computer picks up on one network and sends to another goes through the FORWARD chain. The chains are half of the logic behind IPtables themselves.

IPtables works by letting you set up rules in each of these chains that control what happens to the packets passing through them. For instance, if your computer were to send out a packet to www.yahoo.com to request an HTML page, the packet would first pass through the OUTPUT chain. The kernel looks through the rules in the chain in order and checks whether any of them match. The first rule that matches decides the outcome of that packet. If none of the rules match, the policy of the whole chain makes the final decision. Whatever reply Yahoo! sends back then passes through the INPUT chain. It's no more complicated than that.
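The first-match-then-policy evaluation described above can be modelled in a few lines. This is an added example, not code from the original article or from the iptables project; the `Rule` and `Chain` classes, the rulesets and the sample packets are all constructed for illustration, and the model assumes only terminating targets (ACCEPT and DROP).

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Rule:
    target: str                    # "ACCEPT" or "DROP" (terminating targets only)
    proto: Optional[str] = None    # None means "match anything"
    dport: Optional[int] = None
    state: Optional[str] = None    # connection-tracking state, e.g. "ESTABLISHED"

    def matches(self, pkt: dict) -> bool:
        # Every criterion that is set must equal the packet's value.
        criteria = (("proto", self.proto), ("dport", self.dport), ("state", self.state))
        return all(want is None or pkt.get(key) == want for key, want in criteria)

@dataclass
class Chain:
    name: str
    policy: str                    # used only when no rule matches
    rules: list = field(default_factory=list)

    def verdict(self, pkt: dict):
        """Return (decision, decided_by): the first matching rule wins, else the policy."""
        for number, rule in enumerate(self.rules, start=1):
            if rule.matches(pkt):
                return rule.target, f"rule {number}"
        return self.policy, "policy"

# Constructed ruleset, roughly equivalent to:
#   iptables -P OUTPUT DROP; iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
#   iptables -P INPUT DROP;  iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
OUTPUT = Chain("OUTPUT", "DROP", [Rule("ACCEPT", proto="tcp", dport=80)])
INPUT = Chain("INPUT", "DROP", [Rule("ACCEPT", state="ESTABLISHED")])

# Rule order matters: a broad DROP placed first shadows the ACCEPT after it.
SHADOWED = Chain("OUTPUT", "ACCEPT", [Rule("DROP", proto="tcp"),
                                      Rule("ACCEPT", proto="tcp", dport=80)])

# Constructed packets: the web request, its reply, and an unsolicited inbound packet.
request = {"proto": "tcp", "dport": 80, "state": "NEW"}
reply = {"proto": "tcp", "dport": 40000, "state": "ESTABLISHED"}
unsolicited = {"proto": "tcp", "dport": 22, "state": "NEW"}

if __name__ == "__main__":
    for chain, pkt in ((OUTPUT, request), (INPUT, reply),
                       (INPUT, unsolicited), (SHADOWED, request)):
        print(chain.name, pkt, "->", chain.verdict(pkt))
```

The `SHADOWED` chain shows why auditing rule order is part of reviewing a firewall: the port 80 ACCEPT is never reached because the broader DROP above it matches first.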

The link for this article located at Linux.com is no longer available.