iptables: rule with RETURN target just after a rule with ACCEPT target

Post by Nerok » Thu, 26 Apr 2007 17:13:20



Hi, I've seen in several scripts the following layout:

iptables criteria -j ACCEPT
iptables the_same_criteria_as_above -j RETURN

for example:

iptables  -A INPUT -p tcp -m tcp --dport 100 -j ACCEPT
iptables  -A INPUT -p tcp -m tcp --dport 100 -j RETURN

The last rule will never be matched, because all tcp incoming
connections will be accepted, and then will go through the next chain.
So, what is the usefulness of this configuration?

IMHO, I think it is for changing the scripts in a fast way (just
commenting out the first line will yield the default policy for the
INPUT chain)

TIA
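
An added example, not part of the original post: a small audit helper that reads rules in `iptables -S` format and reports any rule whose match criteria are textually identical to an earlier rule in the same chain that already ended in ACCEPT, DROP, REJECT or RETURN. The function name `find_shadowed_rules` and the sample ruleset are constructed for illustration; the check compares criteria as text only, so it does not catch a rule hidden behind a broader earlier match.

```shell
#!/bin/sh
# Added example: flag rules that can never match because an earlier rule in
# the same chain has identical match criteria and a terminating target.
# Input: "-A CHAIN <criteria> -j TARGET" lines, as printed by `iptables -S`.

find_shadowed_rules() {
    awk '
    $1 == "-A" {
        chain = $2
        num = ++count[chain]            # rule position within its chain
        crit = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-j" || $i == "--jump") { target = $(i + 1); break }
            crit = crit " " $i          # everything before -j is the match
        }
        if (target == "") next          # rule without a target: counters only
        key = chain SUBSEP crit
        if (key in first) {
            printf "%s rule %d (-j %s) is shadowed by rule %d (-j %s):%s\n",
                   chain, num, target, first[key], ftarget[key], crit
        } else if (target ~ /^(ACCEPT|DROP|REJECT|RETURN)$/) {
            # Only these targets stop traversal of the current chain.
            # LOG and similar targets fall through to the next rule.
            first[key] = num; ftarget[key] = target
        }
    }'
}

# Constructed sample ruleset (hypothetical, includes the pair from the post).
SAMPLE_RULES='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j LOG --log-prefix "ssh: "
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 100 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 100 -j RETURN'

printf '%s\n' "$SAMPLE_RULES" | find_shadowed_rules
```

On a live host the same function can be fed from `iptables -S INPUT` run as root. The LOG/ACCEPT pair on port 22 is not reported because LOG does not end chain traversal.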

1. iptables: rule with RETURN target after a rule with the ACCEPT target

Hi, I've seen in several scripts the following configuration for
iptables:

iptables criteria -j ACCEPT
iptables the_same_criteria_as_above -j RETURN

for instance:

iptables -A INPUT -p tcp -m tcp --dport 100 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 100 -j RETURN

The last rule will never be matched, since all tcp incoming
connections with a destination port equal to 100 will be accepted, and
thus this connection will be testing for the next chain. The last line
is useless. So, what's the utility of this configuration?

TIA