I am wondering about the relationship between kernel modules and the firewall chain (fw ctl debug -m & fw ctl chain)
I've gone through sk98799, but it raised a few questions for me.
As I understand, I can see which modules are active on the firewall by running fw ctl debug -m command.
And the chains (fw ctl chain) is the path/order of which the Check Point kernel will handle the traffic, based on configuration different modules will be enabled and since they are divided into the chains, the number of chains will be different.
Is my understanding of the kernel modules and chains correct?
I get a bit confused regarding how to know where to perform the debug. Based on research on various forums & other locations, I've come to understand that several modules can work within one chain, for example "VM" chain module.
But how do I know where in the chain a module is working for example WS or RTM module?
As a general question as well, what does the output of fw ctl conn -a mean?
Thanks in advance!