When a client communicates with the server via HTTP, for example, there are many packets going in both directions, that is, from the client to the server and vice versa.
I would like to ask how exactly the Linux firewall, or iptables, installed on the client machine applies its rules to these packets.
My possible explanations are:
- Only for the first packet sent from the client to the server is it determined, based on the iptables rules, what happens with the packet. For the response packet from the server the same rule is applied as for the initial packet, e.g. REJECT or ACCEPT.
- Each packet, irrespective of whether it is the initial packet or a response, is handled by iptables separately. iptables in this case does not care if the packet is part of a connection to some server or if it is just a separate packet.
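As an added illustration, not part of the question above, here is a toy Python model of the two hypotheses: each packet is matched against the chain's rules on its own, while connection tracking supplies a state that a rule such as `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` can match, so the server's replies pass without a rule of their own. The hosts, ports, chain policies and rule sets are constructed for the example and the model is a simplification, not netfilter code.

```python
# Toy simulation of how an iptables ruleset on the client host treats each
# packet of one HTTP exchange. Added, hypothetical model, not netfilter code:
# every packet is matched against the chain's rules on its own; connection
# tracking only supplies a "state" that a rule may match on.
from collections import namedtuple

# chain is "OUTPUT" for client->server packets, "INPUT" for server->client.
Packet = namedtuple("Packet", "src sport dst dport chain")
# ctstate: set of states the rule matches, or None for any state.
Rule = namedtuple("Rule", "chain target ctstate")

class Firewall:
    def __init__(self, rules, policy):
        self.rules, self.policy = rules, policy
        self.flows = set()  # conntrack table: (src, sport, dst, dport) of accepted packets

    def state(self, p):
        # A packet of a flow already in the table, in either direction, is ESTABLISHED.
        fwd, rev = (p.src, p.sport, p.dst, p.dport), (p.dst, p.dport, p.src, p.sport)
        return "ESTABLISHED" if fwd in self.flows or rev in self.flows else "NEW"

    def filter(self, p):
        st, verdict = self.state(p), self.policy[p.chain]  # chain policy unless a rule matches
        for r in self.rules:  # first matching rule in the chain decides, as in iptables
            if r.chain == p.chain and (r.ctstate is None or st in r.ctstate):
                verdict = r.target
                break
        if verdict == "ACCEPT":
            self.flows.add((p.src, p.sport, p.dst, p.dport))
        return st, verdict

# Constructed packets: client 10.0.0.2:40000 talks to a web server 203.0.113.5:80.
EXCHANGE = [
    Packet("10.0.0.2", 40000, "203.0.113.5", 80, "OUTPUT"),  # SYN
    Packet("203.0.113.5", 80, "10.0.0.2", 40000, "INPUT"),   # SYN-ACK, the reply
    Packet("10.0.0.2", 40000, "203.0.113.5", 80, "OUTPUT"),  # GET /
    Packet("203.0.113.5", 80, "10.0.0.2", 40000, "INPUT"),   # HTTP response
]

# Stateful ruleset, the usual "-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT".
STATEFUL = [Rule("INPUT", "ACCEPT", {"ESTABLISHED", "RELATED"})]
# Stateless ruleset: only the INPUT DROP policy, so each reply is judged on its own.
STATELESS = []

def run(rules):
    """Return (state, verdict) per packet; INPUT policy DROP, OUTPUT policy ACCEPT."""
    fw = Firewall(rules, {"INPUT": "DROP", "OUTPUT": "ACCEPT"})
    return [fw.filter(p) for p in EXCHANGE]
```

With the stateful ruleset all four packets are accepted; with the stateless one both server replies hit the INPUT DROP policy even though conntrack knows they belong to the client's own connection.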