> > No, just FORWARD. > Actually depends if you use some kind of NAT or not.
How is this? If you're doing DNAT, then either the packet won't be NATted, and thus will go whichever way it's routed, or will be DNATted, and will traverse either INPUT or FORWARD as routed by the new destination. SNAT happens after filtering anyway, so doesn't apply. -EtherMage
