On 01/22/2014 11:45 AM, Thomas Woerner wrote:
> Yes, the _direct chains are used for direct rules that are added to netfilter built-in chains. You can also create your own chains and use them as a target in a _direct rule...
Thank you guys. I guess then that libvirt should use it since, as soon as you start libvirt, you see all these rules thrown in for the INPUT built-in, as opposed to using INPUT_direct (they're using the direct interface).
Cheers! Jorge