Chains
A chain is a kind of named profile that includes one or more rules that define the following:
The OnBoard appliance comes with a number of built-in chains with hidden rules that are preconfigured to control communications between devices that are connected to the OnBoard appliance’s private Ethernet ports and devices on the public side of the OnBoard appliance. The default chains are defined in the iptables filter and nat tables. The mangle table is not used.
The built-in chains are named according to the type of packets they handle, as shown in the following lists. The first three chains are in the iptables filter table: INPUT, OUTPUT and FORWARD.
These three chains are in the nat table: PREROUTING, POSTROUTING and OUTPUT. These chains implement NAT (network address translation), including redirecting packets addressed to a virtual IP to the device’s real IP address and hiding the device’s real IP address when the device sends packets to the authorized user:
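The following Python check is an added example, not part of the original guide or the appliance's own rule set. It reads `iptables-save` output, reports rules in any table other than filter and nat, and confirms that each virtual-to-real DNAT mapping in PREROUTING has the matching SNAT in POSTROUTING that hides the real address. The sample rules, addresses and function names are constructed for illustration; the appliance's hidden built-in rules may be structured differently.

```python
import shlex

# Constructed, abbreviated iptables-save output; every address is a made-up sample.
SAMPLE = """\
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -j MARK --set-xmark 0x1/0xffffffff
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 192.0.2.10/32 -j DNAT --to-destination 192.168.49.10
-A PREROUTING -d 192.0.2.11/32 -j DNAT --to-destination 192.168.49.11
-A POSTROUTING -s 192.168.49.10/32 -j SNAT --to-source 192.0.2.10
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -d 192.168.49.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

def parse_save(text):
    """Return [(table, chain, args)] for every -A rule in iptables-save text."""
    rules, table = [], None
    for line in text.splitlines():
        if line.startswith("*"):          # "*nat" opens a table section
            table = line[1:].strip()
        elif line.startswith("-A "):      # "-A CHAIN ..." appends a rule
            args = shlex.split(line)
            rules.append((table, args[1], args[2:]))
    return rules

def opt(args, flag):
    """Value after an option flag, with any /mask suffix removed."""
    return args[args.index(flag) + 1].split("/")[0] if flag in args else None

def audit(text):
    """Return ({virtual_ip: real_ip}, findings) for the parsed rule set."""
    rules = parse_save(text)
    findings = [f"rules in unexpected table: {t}"
                for t in sorted({t for t, _, _ in rules} - {"filter", "nat"})]
    dnat = {opt(a, "-d"): opt(a, "--to-destination") for t, c, a in rules
            if t == "nat" and c == "PREROUTING" and "DNAT" in a}
    snat = {opt(a, "-s"): opt(a, "--to-source") for t, c, a in rules
            if t == "nat" and c == "POSTROUTING" and "SNAT" in a}
    findings += [f"{r} has no SNAT back to {v}" for v, r in dnat.items() if snat.get(r) != v]
    return dnat, findings
```

Calling `audit(SAMPLE)` returns the two virtual-to-real mappings plus two findings: the rule in the mangle table, and the second device whose real address would not be hidden on outbound packets.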