https://netfilter.org/documentation/HOWTO/packet-filtering-HOWTO-6.html , are you saying
A program running on the box can send network packets. These packets pass through the OUTPUT chain only if the INPUT chain allows it
?
If you do, note my understanding of statement 4 at the bottom of the link is different. Am I wrong?
You are correct. I was wrong. You can even see it in the flow diagram I linked [1]. Thank you for pointing that out!

If it was on a separate router/firewall machine the reasoning would hold, I think. Please correct me if I am wrong!

I guess it is back to not understanding why blocking inbound connections would be a problem for outbound connections.

Best,
Christian

[1]: https://en.wikipedia.org/wiki/Iptables#/media/File:Netfilter-packet-flow.svg