by ser_tyrion 2225 days ago
> they use raw sockets! Raw sockets are different than normal sockets: they bypass iptables

But this bug report says raw sockets would be filtered by the OUTPUT chain of iptables: https://bugzilla.redhat.com/show_bug.cgi?id=1269914#c4

Is that accurate across distros? It does make sense for some socket types, like device sockets, to not be routed through iptables.

1 comments

I think that bug report is misleading. Raw sockets do bypass iptables, but they still go through ebtables. They hook in at the ebtables NAT OUTPUT chain. See the diagram here: https://erlerobotics.gitbooks.io/erle-robotics-introduction-...
Thanks for that great link