[CentOS] Firewall frustration

Christopher Chan christopher at ias.com.hk
Fri Jan 4 01:51:55 UTC 2008


> ip src/dest is used for routing decisions by the kernel. The IP state 
> machine (check the RFC or any decent TCP/IP textbook) is really quite 
> simple. But iptables sticks its nose into the center of that state 
> machine and can mangle addresses to change how packets flow through the 
> machine, or just simply yank packets right out of the machine with a 
> simple NO (drop).
> 
> So in my mind's eye of the IP state machine (my MSU CPS 410 prof was 
> death on state machines; turn in a perfectly executing assignment 
> without one and there went half your grade. See HIP for its state 
> machine) is dictated by iptables as to what it is allowed to route.

That just means iptables can influence routing by manipulating packet 
headers. Routing is still controlled by the kernel.
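As an added illustration of the point made in this reply (example code, not from the original thread or from CentOS): a toy model of the netfilter traversal order around the kernel's routing decision. A nat-table PREROUTING rule rewrites the destination address before the route lookup, so the rewrite changes which route applies, but the lookup itself is still the kernel's longest-prefix match. All addresses, routes and rules are constructed for the example, and connection tracking (which reverses a translation for reply packets) is deliberately not modelled.

```python
"""Toy model of packet flow: PREROUTING (nat) -> routing decision ->
INPUT or FORWARD -> POSTROUTING (nat). Constructed example; not real
netfilter code and no conntrack."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    trace: list = field(default_factory=list)


# Constructed routing table: (prefix, next hop or "local", interface).
ROUTES = [
    ("0.0.0.0/0", "via 203.0.113.1", "eth0"),
    ("203.0.113.0/24", "link", "eth0"),
    ("192.168.1.0/24", "link", "eth1"),
    ("203.0.113.10/32", "local", "lo"),
]


def route_lookup(dst):
    """Kernel-style longest-prefix match: the most specific prefix wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nexthop, dev in ROUTES:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop, dev)
    return best[1], best[2]


# Constructed nat rules, in chain order, standing in for roughly:
#   iptables -t nat -A PREROUTING -d 203.0.113.10 -p tcp --dport 80 \
#            -j DNAT --to 192.168.1.20
#   iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 \
#            -j SNAT --to 203.0.113.10
PREROUTING_NAT = [
    {"match_dst": "203.0.113.10", "match_dport": 80, "dnat_to": "192.168.1.20"},
]
POSTROUTING_NAT = [
    {"match_src_net": "192.168.1.0/24", "out_dev": "eth0", "snat_to": "203.0.113.10"},
]


def prerouting(pkt):
    """Destination rewrite happens BEFORE the kernel looks at its routes."""
    for rule in PREROUTING_NAT:
        if pkt.dst == rule["match_dst"] and pkt.dport == rule["match_dport"]:
            pkt.trace.append(f"PREROUTING DNAT {pkt.dst} -> {rule['dnat_to']}")
            pkt.dst = rule["dnat_to"]
            break
    return pkt


def postrouting(pkt, out_dev):
    """Source rewrite happens AFTER the route (and output interface) is known."""
    for rule in POSTROUTING_NAT:
        in_net = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule["match_src_net"])
        if in_net and out_dev == rule["out_dev"]:
            pkt.trace.append(f"POSTROUTING SNAT {pkt.src} -> {rule['snat_to']}")
            pkt.src = rule["snat_to"]
            break
    return pkt


def process(pkt):
    """Return (verdict, packet): 'INPUT' for local delivery, 'FORWARD' otherwise."""
    pkt = prerouting(pkt)
    nexthop, dev = route_lookup(pkt.dst)  # the routing decision stays the kernel's
    pkt.trace.append(f"route {pkt.dst}: {nexthop} dev {dev}")
    if nexthop == "local":
        pkt.trace.append("INPUT (delivered locally)")
        return "INPUT", pkt
    pkt.trace.append("FORWARD")
    pkt = postrouting(pkt, dev)
    return "FORWARD", pkt


if __name__ == "__main__":
    samples = [
        Packet("198.51.100.7", "203.0.113.10", 80),   # DNATed, then forwarded to eth1
        Packet("198.51.100.7", "203.0.113.10", 22),   # untouched, delivered locally
        Packet("192.168.1.20", "198.51.100.7", 443),  # new outbound, SNATed on eth0
    ]
    for p in samples:
        verdict, out = process(p)
        print(verdict, out.src, "->", out.dst, out.trace)
```

Running it shows the same incoming address yielding two different routing outcomes depending only on whether the PREROUTING rule fired, which is exactly the "influence" the reply describes: the rule changes the header, and the unchanged routing code then does what the new header tells it.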
