I have a feeling I know the answer, but just double checking to make sure I'm not missing anything.
When learning all about the firewall, I see a lot of videos and documents where people have their firewall rules for input and forward chains all mixed together. Sort of like this.
input rule 1
input rule 2
forward chain rule 1
input rule 3
forward chain rule 2
input rule 4
forward chain rule 3
forward chain rule 4
forward chain rule 5 (the final deny rule on forward chain)
input rule 5 (the final deny rule on input chain)
But I'm not sure why so many people do it this way; it seems sloppy. Won't any input chain traffic just skip right over those forward chain rules and go through the input rules in order 1, 2, 3, 4, 5?
Wouldn't the exact same effect be achieved by organizing them as shown below, while providing easier readability? Since traffic should be destined for one chain or the other, there's no reason to interlace them, right?
input rule 1
input rule 2
input rule 3
input rule 4
input rule 5 (the final deny rule on input chain)
forward chain rule 1
forward chain rule 2
forward chain rule 3
forward chain rule 4
forward chain rule 5 (the final deny rule on forward chain)
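The point of the question can be checked with a small model of how a chain is walked. The following is an added example written for this post, not RouterOS or iptables code and not from the original poster: it is a toy evaluator in which a packet only consults rules in its own chain, top to bottom, first match wins. The rule set, the packets and the prefix-style address matching are all constructed for illustration. It shows two things: interleaving input and forward rules changes nothing about any decision (only the list position of the deciding rule), whereas moving a rule relative to other rules in the same chain can.

```python
"""Toy model of per-chain firewall rule evaluation (constructed example, not
RouterOS/iptables code). A packet only ever consults rules in its own chain,
so rules of different chains may be interleaved in the list without changing
any decision, while order *within* a chain does matter."""

from dataclasses import dataclass
from typing import Optional

CHAIN_ORDER = ("input", "forward")  # display order used when grouping


@dataclass(frozen=True)
class Packet:
    chain: str   # "input" = addressed to the firewall itself, "forward" = passing through
    proto: str   # "tcp", "udp" or "icmp"
    dport: int   # destination port (0 for icmp)
    src: str     # source address as text


@dataclass(frozen=True)
class Rule:
    chain: str
    action: str                       # "accept" or "drop"
    proto: Optional[str] = None       # None = any protocol
    dport: Optional[int] = None       # None = any port
    src_prefix: Optional[str] = None  # crude textual prefix match, e.g. "192.168." (constructed)
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        if self.src_prefix is not None and not pkt.src.startswith(self.src_prefix):
            return False
        return True


def evaluate(rules, pkt):
    """Walk the list top to bottom, skipping rules that belong to another chain.
    The first matching rule decides. Returns (action, list index), or
    ("accept", None) when nothing matched, i.e. the chain has no final deny."""
    for idx, rule in enumerate(rules):
        if rule.chain != pkt.chain:
            continue
        if rule.matches(pkt):
            return rule.action, idx
    return "accept", None


def grouped(rules):
    """Put each chain's rules together while keeping their relative order
    inside the chain (Python's sort is stable)."""
    return sorted(rules, key=lambda r: CHAIN_ORDER.index(r.chain))


def decisions(rules, packets):
    """Action taken for each packet under the given rule list."""
    return [evaluate(rules, p)[0] for p in packets]


# Constructed rule set, interleaved the way the question describes.
INTERLEAVED = [
    Rule("input", "accept", proto="icmp", comment="input 1: ping"),
    Rule("input", "accept", src_prefix="192.168.", comment="input 2: LAN to router"),
    Rule("forward", "accept", src_prefix="192.168.", comment="forward 1: LAN outbound"),
    Rule("input", "accept", proto="tcp", dport=22, src_prefix="10.0.0.", comment="input 3: mgmt ssh"),
    Rule("forward", "accept", proto="tcp", dport=443, comment="forward 2: https through"),
    Rule("input", "accept", proto="udp", dport=53, src_prefix="192.168.", comment="input 4: LAN dns"),
    Rule("forward", "drop", comment="forward 3: final deny"),
    Rule("input", "drop", comment="input 5: final deny"),
]

GROUPED = grouped(INTERLEAVED)

# Constructed sample traffic (documentation-range addresses).
PACKETS = [
    Packet("input", "icmp", 0, "203.0.113.9"),
    Packet("input", "tcp", 22, "203.0.113.9"),
    Packet("input", "tcp", 22, "10.0.0.5"),
    Packet("forward", "tcp", 443, "203.0.113.9"),
    Packet("forward", "tcp", 25, "203.0.113.9"),
    Packet("forward", "udp", 53, "192.168.1.7"),
]

if __name__ == "__main__":
    for p, a, b in zip(PACKETS, decisions(INTERLEAVED, PACKETS), decisions(GROUPED, PACKETS)):
        print(f"{p.chain:7} {p.proto:4} {p.dport:4} {p.src:14} -> {a} (interleaved) / {b} (grouped)")
```

Running it prints the same verdict for every packet under both lists; the only difference is the index of the rule that fired. The practical caveat is in the other direction: a reorder that keeps the chains grouped but moves, say, the input chain's final deny above an earlier input accept does change decisions, so when tidying a live rule set it is the within-chain order, not the interleaving, that must be preserved.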