In the reference architecture, the security group functionality relies on iptables to perform traffic filtering. Iptables is a firewall built into Linux that allows a system administrator to define tables containing chains of rules that determine how network packets should be treated. Packets are processed by sequentially traversing rules in chains within the following tables:
Raw: This is a default table that filters packets before any other table. It is mainly used to configure exemptions from connection tracking and is not used by security groups or FWaaS.
Filter: This is a default table to filter packets.
NAT: This is a default table used for network address translation.
Mangle: This is a default table used for specialized packet alteration and is not used by security groups or FWaaS.
A rule in a chain can cause a jump to another chain, which in turn can jump to another chain and so on. This behavior can be repeated to whatever level of nesting is desired. If the...