User manual

Basic Firewall
Cobalt Qube 3 User Manual 59
The lifecycle of a packet within the Qube 3

When a packet enters the Qube 3 server through a network interface, the firewall
system applies the input chain against the packet before it is allowed to proceed
any further into the system.

If the input chain rejects or denies the packet, the Qube 3 discards the packet.
If the input chain accepts the packet, the Qube 3 then makes a routing decision
about the packet: either to pass the packet to a local process (such as the Web
server on the Qube 3) or to schedule the packet to be forwarded to another
computer.

If the packet is scheduled to be forwarded, the firewall system applies the forward
chain against the packet. If the forward chain rejects or denies the packet, the
Qube 3 discards the packet. If the forward chain accepts the packet, the firewall
system applies the output chain against the packet.

If a packet attempts to leave the Qube 3 through a network interface, the firewall
system applies the output chain against the packet. If the output chain rejects or
denies the packet, the Qube 3 discards the packet without transmitting it. If the
output chain accepts the packet, the firewall system allows the Qube 3 to transmit
the packet.

The output chain tests both existing packets that have just passed the forward
chain and new packets created by local services on your Qube 3 (for example, the
Web server responding to a request for a Web page).

To sum up the ipchains process:

- any packet entering the Qube 3, destined for a local service on the Qube 3,
  must pass the input chain of rules
- any packet originating within your Qube 3, destined for another computer,
  must pass the output chain of rules
- any packet entering your Qube 3 and being immediately forwarded to
  another computer must pass all three chains of rules: input, forward and
  output
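
The traversal order described above can be checked with a small model. This is an added example, not code from the Qube 3 or from ipchains; the rule format, the address 192.168.1.1 for the Qube 3, the 10.0.0.0/8 network and the ports are all constructed for illustration.

```python
# Added illustration: a minimal model of the chain traversal described above.
# Rule format, addresses and ports are constructed; this is not Qube 3 code.
from ipaddress import ip_address, ip_network

LOCAL_ADDRS = {ip_address("192.168.1.1")}  # assumed address of the Qube 3

class Chain:
    def __init__(self, rules, policy):
        self.rules, self.policy = rules, policy

    def verdict(self, pkt):
        # First matching rule wins; otherwise the chain's default policy applies.
        for net, port, target in self.rules:
            if pkt["dst"] in ip_network(net) and port in (None, pkt["dport"]):
                return target
        return self.policy

# Constructed rule sets: (destination network, destination port or None, target)
CHAINS = {
    "input": Chain([("192.168.1.1/32", 80, "ACCEPT"),
                    ("10.0.0.0/8", None, "ACCEPT")], "DENY"),
    "forward": Chain([("10.0.0.0/8", None, "ACCEPT")], "DENY"),
    "output": Chain([("10.0.0.0/8", 23, "DENY")], "ACCEPT"),
}

def pkt(dst, dport):
    return {"dst": ip_address(dst), "dport": dport}

def traverse(packet, chains=CHAINS, from_local=False):
    """Return (chains consulted in order, final fate) for one packet."""
    seen = []

    def passes(name):
        seen.append(name)
        return chains[name].verdict(packet) == "ACCEPT"

    if not from_local:                       # packet arrived on an interface
        if not passes("input"):
            return seen, "discarded"
        if packet["dst"] in LOCAL_ADDRS:     # routing decision: local process
            return seen, "delivered locally"
        if not passes("forward"):            # routing decision: forward
            return seen, "discarded"
    if not passes("output"):                 # forwarded and locally created packets
        return seen, "discarded"
    return seen, "transmitted"
```

In this model a forwarded packet to 10.0.0.5 port 23 is accepted by the input and forward chains and still discarded by the output chain, which is why a forwarding rule has to be reviewed against all three chains.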