On 12/09/2007, Michael Klinosky <mpk2@xxxxxxxxx> wrote:
> Michael S.:
> > With iptables/netfilter, user-defined chains are *essential* for many
> > firewall implementation details. There are some things you cannot do
> > without using user-defined chains (e.g. a logical AND for certain
> > types of traffic). Get used to it.
>
> OK. But, why put everything into a U-D chain?

Why not? What's bad?

> I figure that the geek
> thing would be to have them for only that which needs it.

For the geek the jump into a user-defined chain is easier to switch on/off and display/hide than an entire set of rules in a customised built-in chain. With regard to a tool like system-config-firewall, it can play in the user-defined chain as much as it likes.
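
An added example, not part of the original thread, illustrating both points discussed above: the jump rule carries one condition and the user-defined chain carries a second set, so a packet is accepted only when both hold, and the whole policy is switched on or off through that single jump. The chain name `SVC-IN`, the ports and the source ranges are constructed for illustration.

```shell
#!/bin/sh
# Added example. Chain name, ports and source ranges are constructed.
CHAIN=SVC-IN                                  # hypothetical user-defined chain
JUMP="INPUT -p tcp -m multiport --dports 22,443 -j $CHAIN"

# Print an iptables-restore ruleset; $1 = on|off controls only the jump.
ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:$CHAIN - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    if [ "$1" = on ]; then
        # Condition 1 lives on the jump: TCP to the service ports.
        echo "-A $JUMP"
    fi
    # Condition 2 lives in the chain: one of the allowed sources.
    # Reaching ACCEPT therefore requires condition 1 AND condition 2.
    cat <<EOF
-A $CHAIN -s 192.0.2.0/24 -j ACCEPT
-A $CHAIN -s 198.51.100.0/24 -j ACCEPT
-A $CHAIN -j LOG --log-prefix "$CHAIN drop: "
-A $CHAIN -j DROP
COMMIT
EOF
}

# Print the single live command that switches the chain on or off.
toggle_cmd() {
    case "$1" in
        on)  echo "iptables -A $JUMP" ;;
        off) echo "iptables -D $JUMP" ;;
        *)   return 1 ;;
    esac
}

ruleset on
```

The output of `ruleset` is in the format `iptables-restore` reads, and `iptables -L SVC-IN -n -v` displays only the chain's own rules and counters.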