Input: Applies to network packets targeted for the host.
Output: Applies to locally-generated network packets before they are sent out.
Forward: Applies to network packets routed through the host.

Every network packet received by or sent from a Linux system is subject to at least one table. However, a packet may be subjected to multiple rules within each table before emerging at the end of the chain. The structure and purpose of these rules may vary, but they usually seek to identify a packet coming from or going to a particular IP address, or set of addresses, when using a particular protocol and network service. Figure 1 outlines how the flow of packets is
In this example, we changed the name of the chain from allowed to disallowed.
-F: Flushes the selected chain, which effectively deletes every rule in the chain. If no chain is specified, this command flushes every rule from every chain.
-h: Provides a list of command structures, as well as a quick summary of command parameters and options.
-I [<integer>]: Inserts the rule in the specified chain at a point specified by a user-defined integer argument. If no argument is specified, the rule is inserted at the top of the chain.
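
A pre-check for the -F option described above, as an added example that is not part of the original documentation: flushing deletes a chain's rules but leaves its default policy unchanged, so a chain whose policy is DROP blocks all traffic once its rules are gone. The ruleset text and the function names are constructed for illustration; on a live host the input would be the output of iptables-save.

```shell
# Constructed iptables-save style ruleset (sample data, not from the page).
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:allowed - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j allowed
-A allowed -s 192.0.2.0/24 -j ACCEPT
COMMIT'

# chains_blocked_after_flush RULES [CHAIN]   (hypothetical helper)
# Prints each chain that would start dropping all traffic if flushed:
# its policy is DROP and it currently holds rules that -F would delete.
# With no CHAIN argument every chain is checked, matching -F with no chain.
chains_blocked_after_flush() {
    printf '%s\n' "$1" | awk -v want="${2:-}" '
        # Chain declarations look like ":INPUT DROP [0:0]".
        /^:/ { policy[substr($1, 2)] = $2; next }
        # Rule lines look like "-A INPUT ...": count rules per chain.
        $1 == "-A" { rules[$2]++ }
        END {
            for (c in policy) {
                if (want != "" && c != want) continue
                # User-defined chains have policy "-" and are never listed.
                if (policy[c] == "DROP" && rules[c] > 0) print c
            }
        }' | sort
}

# safe_to_flush RULES [CHAIN]   (hypothetical helper)
# Exit status 0 only when flushing would not leave a DROP-only chain.
safe_to_flush() {
    [ -z "$(chains_blocked_after_flush "$1" "${2:-}")" ]
}
```

FORWARD is not reported for the sample because it already has a DROP policy and no rules, so flushing it changes nothing.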