On Thu, 6 Nov 2003, Tom Lahti wrote:
> ACCEPT will continue down the table. You want to use RETURN, not
> ACCEPT. Otherwise, it will still match the REDIRECT rule later in the table.
No, it won't.
ACCEPT is a terminal target in iptables. Terminal targets terminate all
processing of that hook in that table with the result of the terminal
target.
REDIRECT is not a terminal target, it just returns from this chain.
If you are not using custom defined chains the effect of ACCEPT and RETURN
is the same as returning from the hook chain is the same as accepting the
packet, but if you are using custom defined chains then the difference is
significant as ACCEPT is terminal no matter where it is executed while
RETURN just causes processing to continue with the next rule in the chain
that jumped to your custom chain.
Regards
Henrik
Received on Thu Nov 06 2003 - 16:42:26 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:10 MST