steve wrote:
So as far as the filter table is concerned, in this context, there isn't any difference between your 'home' network and the 'world' network. The rule will just be matched against the networks mentioned in the rules. Think about it a bit. Your rules might even mention src/dest addresses on networks that none of your interfaces are even part of.
Mentioning an action in the INPUT chain simply means that the packet would be examined when received and filtered accordingly.
So there is no input point and output point. The setup that I will have is a box with 2 ethernet ports, one connected to the MTNL router and the other to the LAN. How will the firewall recognize the inbound/outbound traffic directions, as it is inbound for one interface and outbound for the other and vice versa? In a GUI firewall I remember it asking which is the local device and which is on the internet. Will I have to make all rules based on each ethernet device as well as IP addresses to let iptables know direction?
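An added example (not posted by anyone in this thread) of how the direction question is usually answered in iptables: the chain says whether a packet is addressed to the box (INPUT), sent by it (OUTPUT) or routed through it (FORWARD), and the `-i`/`-o` matches name the interface it arrived on or leaves by. The interface names (eth0 to the router, eth1 to the LAN), the LAN range and the SSH port are assumptions chosen for the illustration; with `DRY_RUN=1` (the default here) the script prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example for a two-port box: eth0 faces the router, eth1 faces the LAN.
# Interface names, LAN range and open port are assumptions, not from the thread.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # constructed private range

# With DRY_RUN=1 the rules are printed rather than applied, so the rule set
# can be reviewed on a machine that has no iptables at all.
ipt() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

apply_rules() {
    # Default deny for packets to the box and packets routed through it.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Replies to connections the box or the LAN already opened, plus loopback.
    ipt -A INPUT   -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT   -i lo -j ACCEPT

    # INPUT: packets addressed to the box itself. "-i" names the interface the
    # packet arrived on, which is how one chain tells LAN-side from router-side.
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT

    # FORWARD: packets routed between the two ports. Direction is the pair
    # (-i, -o): LAN -> router is allowed; router -> LAN only as replies above.
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT

    # Anti-spoofing: a LAN source address must never arrive on the router port.
    ipt -A INPUT   -i "$WAN_IF" -s "$LAN_NET" -j DROP
    ipt -A FORWARD -i "$WAN_IF" -s "$LAN_NET" -j DROP
}

# Lists the generated rules for one chain, for review before applying.
rules_for_chain() {
    apply_rules | grep -- "-A $1 "
}

apply_rules
```

Run as-is to see the rule list; run with `DRY_RUN=0` as root to apply it. Note that the same `-s 192.168.1.0/24` match appears in both an ACCEPT and a DROP rule: the address alone says nothing about direction, and it is the interface match that makes the two rules mean different things.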