0

If the OUTPUT chain's default policy is ACCEPT, is there any use case for the following rule?

-A OUTPUT -o $INTIF -s $EXTIP -d $INTNET -j ACCEPT
Michael

1 Answer

3

Some simple tools use this as a way to count traffic matching a particular rule. There can be other rules later which would block packets if they are not explicitly allowed earlier.

cstamas
  • Still I don't understand in which cases I may have a packet, coming out of LAN, which has src ip of WAN and directed to LAN devices. – Michael Mar 13 '11 at 13:20
  • @Michael: There may be a NAT rule for LAN based packets sent to the external IP (web, mail server, etc.). This would count those packets. – BillThor Mar 13 '11 at 13:54
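
The counting use described in the answer above, as an added example that is not part of the original posts: an explicit ACCEPT rule keeps its own packet and byte counters, which `iptables-save -c` prints in front of each rule, and it is evaluated before any later DROP rule. The addresses, the interface name `eth1`, the counter values and the helper name `rule_counters` are constructed placeholders standing in for `$EXTIP`, `$INTNET` and `$INTIF`.

```shell
#!/bin/sh
# Constructed sample of `iptables-save -c` output. 203.0.113.10 stands in for
# $EXTIP, 192.168.1.0/24 for $INTNET and eth1 for $INTIF; counters are made up.
SAMPLE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5120:734003]
[42:3528] -A OUTPUT -s 203.0.113.10/32 -d 192.168.1.0/24 -o eth1 -j ACCEPT
[7:420] -A OUTPUT -d 192.168.1.0/24 -o eth1 -j DROP
COMMIT'

# rule_counters CHAIN PATTERN
# Reads `iptables-save -c` output on stdin and prints "packets bytes" for the
# first rule in CHAIN whose text contains PATTERN (fixed string, not a regex).
# Exits non-zero when no rule matches, so a monitoring job can alert on a
# counting rule that has been removed.
rule_counters() {
    awk -v chain="$1" -v pat="$2" '
        $2 == "-A" && $3 == chain && index($0, pat) {
            gsub(/\[|\]/, "", $1)      # "[42:3528]" -> "42:3528"
            split($1, c, ":")
            print c[1], c[2]
            found = 1
            exit
        }
        END { if (!found) exit 1 }
    '
}

# Traffic from the external IP to the LAN is counted by the explicit ACCEPT
# rule; without that rule it would only show up in the chain policy total,
# or be dropped by the later DROP rule.
printf '%s\n' "$SAMPLE" | rule_counters OUTPUT '-s 203.0.113.10/32'

# On a live host (requires root):
#   iptables-save -c | rule_counters OUTPUT '-s 203.0.113.10/32'
```
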