On Mon, 2023-08-07 at 15:05 +0000, John Horne wrote:
> A slightly more descriptive name than just 'forward:' might have
> helped :-)
Going back to the older firewalls, there were input, output, and
forward rules. Input was incoming to this machine, output was outgoing
from this machine, and forward was going through/around/bypassing this
machine. In the same vein as with NAT rules, forwarding passed traffic
through to a new destination. That's how I would have interpreted
that.
E.g. if I have incoming traffic for a webserver, but this particular
machine wasn't the webserver, traffic is sent through to where the
webserver actually is, which could be another machine on the network,
or a virtual machine hosted within the same PC. I don't actually want
to accept that traffic going into the machine it has to skip past, so
the incoming rules are the wrong ones to fiddle with. In essence, the
firewall is between the network interfaces and the rest of the OS.
--
uname -rsvp
Linux 3.10.0-1160.92.1.el7.x86_64 #1 SMP Tue Jun 20 11:48:01 UTC 2023 x86_64
Boilerplate: All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
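
The input/forward distinction described in the message above, written out as an iptables-restore ruleset. This is an added example, not part of the original post; the interface name eth0, the backend address 192.168.122.10 and port 80 are assumptions chosen for illustration.

```iptables
# Constructed example: this host relays web traffic to a backend
# (another machine or a local VM) without accepting it for itself.
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Rewrite the destination before the routing decision, so the packet
# is routed onward and never reaches this host's INPUT chain.
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.122.10:80
COMMIT

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# INPUT: traffic addressed to this machine itself.
# Port 80 is deliberately not opened here.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# FORWARD: traffic passing through this machine to somewhere else.
# Only new connections to the backend's web port are allowed through.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -d 192.168.122.10 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
```

Forwarding also requires net.ipv4.ip_forward=1 on the relaying host. With both default policies set to DROP, a web service listening on the relaying host itself would stay unreachable from eth0, because only the FORWARD chain permits port 80.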