I found a flowchart that gives a simple complete graphical picture that
explains how iptables protect, but still looking for one that is
more complete. Perchance, a firefox addon, or a website
connection, that has proper iptable approval to run, but then tries to bypass
Linux security layers, affecting root, system, or admin operations,
thereby becoming an intruder packet. How that would picturely get
the Linux OS to do something to deny it access, log it, and continue
operating virus or intruder free. Should help looking at the picture then.
A picture is worth a thousand words, still looking then.