Hi All,

I'm in the process of setting up a new Virtual Private Server and am using Plesk to configure to firewall (among other things).

I have the firewall configured how I want it within Plesk. However, when I SSH into the box and list the firewall rules (using iptables -L -n) I get way more rules than I setup within Plesk.  I'm thinking that there must be several rules that were there beforehand as default from the hosting provider. One thing I do notice, however, is that for a given chain (in this case Input chain) the very first rule is:
-A INPUT -j VZ_INPUT

The INPUT chain looks something like this (as given by iptables -L -n):

Chain INPUT (policy DROP)
target     prot opt source               destination
VZ_INPUT   all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  190.93.240.0/20      0.0.0.0/0           tcp dpt:80
ACCEPT     tcp  --  108.162.192.0/18     0.0.0.0/0           tcp dpt:80

blah, blah.....

Chain VZ_INPUT (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:4643
... all the rest of the rules I entered in Plesk....

VZ_INPUT is a user-defined rule that Plesk puts in and that chain has all the rules I entered in the Plesk panel.
My question is: if the above VZ_INPUT rule is the very first rule in the INPUT chain, does that mean for all input packets jump to the VZ_INPUT chain and process those rules, thus bypassing all the other inputs?

The same sort of layout is also present for the OUTPUT & FORWARD chains.

Any thoughts are appreciated.
Thanks,
Peter