iptables: rule with RETURN target after a rule with the ACCEPT target

Post by Nerok » Thu, 26 Apr 2007 05:43:14



Hi, I've seen in several scripts the following configuration for
iptables:

iptables criteria -j ACCEPT
iptables the_same_criteria_as_above -j RETURN

for instance:

iptables -A INPUT -p tcp -m tcp --dport 100 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 100 -j RETURN

The last rule will never be matched, since all tcp incoming
connections with a destination port equal to 100 will be accepted, and
thus this connection will be tested in the next chain. The last line
is useless. So, what's the utility of this configuration?

TIA
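
Added example, not part of the original post: a small checker that flags rules whose match criteria are identical to an earlier rule in the same chain that already has a terminating target, as in the ACCEPT/RETURN pair above. It assumes input in `iptables -S` style, compares criteria only token for token, and assumes stateless matches (with `limit`, `statistic` or `recent` the later rule can still be reached); the function names and the sample ruleset are constructed for illustration.

```python
import shlex

# Targets that end traversal of the current chain for a matching packet.
TERMINATING = {"ACCEPT", "DROP", "REJECT", "RETURN"}

def parse_rule(line):
    """Split one `iptables -S` style line into (chain, match criteria, target)."""
    tokens = shlex.split(line)
    if tokens and tokens[0] == "iptables":
        tokens = tokens[1:]              # accept full command lines as well
    if len(tokens) < 2 or tokens[0] != "-A":
        return None                      # -P policy lines, -N definitions, blanks
    chain, rest = tokens[1], tokens[2:]
    if "-j" not in rest:
        return chain, tuple(rest), None  # rule without a target only counts packets
    i = rest.index("-j")
    target = rest[i + 1] if i + 1 < len(rest) else None
    return chain, tuple(rest[:i]), target  # options after -j belong to the target

def find_shadowed(lines):
    """Return (line_no, rule, shadowing_line_no) for rules that cannot be reached."""
    seen = {}       # (chain, match) -> line number of the first terminating rule
    findings = []
    for no, line in enumerate(lines, 1):
        parsed = parse_rule(line)
        if parsed is None:
            continue
        chain, match, target = parsed
        key = (chain, match)
        if key in seen:
            findings.append((no, line.strip(), seen[key]))
        elif target in TERMINATING:
            seen[key] = no
    return findings

# Constructed sample ruleset; the port-100 pair is the one from the post.
SAMPLE = """\
-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -j LOG
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 100 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 100 -j RETURN
-A OUTPUT -p tcp -m tcp --dport 100 -j RETURN
""".splitlines()

if __name__ == "__main__":
    for no, rule, by in find_shadowed(SAMPLE):
        print(f"line {no} is never reached (shadowed by line {by}): {rule}")
```

The LOG/ACCEPT pair on port 22 is not flagged because LOG does not end chain traversal, and the OUTPUT rule is not flagged because it sits in a different chain.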

 
 
 

1. iptables: rule with RETURN target just after a rule with ACCEPT target

Hi, I've seen in several scripts the following layout:

iptables criteria -j ACCEPT
iptables the_same_criteria_as_above -j RETURN

for example:

iptables  -A INPUT -p tcp -m tcp --dport 100 -j ACCEPT
iptables  -A INPUT -p tcp -m tcp --dport 100 -j RETURN

The last rule will never be matched, because all tcp incoming
connections will be accepted, and then will go through the next chain.
So, what is the usefulness of this configuration?

IMHO, I think it is for changing the scripts in a fast way (just
commenting out the first line will result in the default policy for the
INPUT chain)

TIA
