Hi Eric,

> Thank you for applying the patch, I think it’s much better. Truthfully
> I am relieved that you are an iptables newbie and so am I! :-P
> I think there could still be some work done to this recommendation.
> For example, when I use this updated iptables firewall selection, I am
> unable to telnet into ports open on localhost. An example is that I
> am a heavy user of VNC/SSH tunnel connections and it doesn’t let me do
> that, it blocks e.g. port 5902. (A similar naive rule in nftables
> does let this work!!!)

I'm not able to reproduce this. I built and started a container with an ssh server on port 5902. And, I was able to connect fine with telnet. Could you describe the precise steps, configuration, etc. to reproduce this issue?

> But so many examples are given in iptables (esp. WireGuard stuff) and
> so if you have no objections, I would like to take a further look and
> maybe even ask around as to what the ‘ufw allow ssh’ behavior
> vis-a-vis iptables best practices.

Sure, please do! You don't need my permission for that! :-)

Regards,
Arun