[CentOS] IPTables help

Joseph L. Casale JCasale at activenetwerx.com
Sat May 24 06:49:25 UTC 2008


>iptables will process rules until a match. If the match is -j
>ACCEPT/REJECT/DROP, it will end processing there. If it's -j
>another_chain, it will jump to the other chain. If it matches a rule
>in the other chain with -j ACCEPT/REJECT/DROP, it will stop processing
>there. Otherwise, if no rules in this inner chain match, it will
>resume processing in the outer chain just after the rule which jumped
>to the inner chain.

Filipe,
Appreciate the help, but I think I am still unsure of that last point.
If the default policy for INPUT is DROP, and a rule "allowing" traffic
is not matched, once it gets to the end it performs the default policy
action from what I have gathered now.

This contradicts the suggestion you make about it jumping to the next chain?
Are you sure (it was an RH instructor today that explained this to me)?

Thanks!
jlc
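
An added example, not part of the original thread: a small Python model of the filter-table traversal discussed in this message. Falling off the end of a user-defined chain resumes the calling chain, and the default policy applies only once the end of the built-in chain is reached. The chain name TCP_IN, the addresses and the ruleset are constructed for illustration.

```python
# Constructed model of iptables filter-table traversal (not real iptables code).
# Ruleset modelled (chain name TCP_IN and addresses are made up):
#   iptables -P INPUT DROP
#   iptables -N TCP_IN
#   iptables -A INPUT  -p tcp -j TCP_IN
#   iptables -A INPUT  -p tcp --dport 80 -j ACCEPT
#   iptables -A TCP_IN -p tcp -s 192.0.2.10 --dport 22 -j ACCEPT
#   iptables -A TCP_IN -p tcp --dport 23 -j DROP
TERMINAL = {"ACCEPT", "DROP", "REJECT"}
POLICIES = {"INPUT": "DROP"}  # only built-in chains have a policy
CHAINS = {
    "INPUT": [
        (lambda p: p["proto"] == "tcp", "TCP_IN"),
        (lambda p: p["proto"] == "tcp" and p["dport"] == 80, "ACCEPT"),
    ],
    "TCP_IN": [
        (lambda p: p["src"] == "192.0.2.10" and p["dport"] == 22, "ACCEPT"),
        (lambda p: p["dport"] == 23, "DROP"),
    ],
}

def walk(chain, pkt, trace):
    """Return a terminal verdict, or None if the chain ends without one."""
    for num, (match, target) in enumerate(CHAINS[chain], start=1):
        if not match(pkt):
            continue
        trace.append(f"{chain}:{num} -> {target}")
        if target in TERMINAL:
            return target              # processing stops here
        if target == "RETURN":
            return None                # explicit return to the caller
        verdict = walk(target, pkt, trace)   # jump into a user-defined chain
        if verdict is not None:
            return verdict
        # inner chain ended without a verdict: resume at the caller's next rule
    return None

def filter_packet(pkt, builtin="INPUT"):
    trace = []
    verdict = walk(builtin, pkt, trace)
    if verdict is None:                # end of the built-in chain: policy applies
        verdict = POLICIES[builtin]
        trace.append(f"{builtin}:policy -> {verdict}")
    return verdict, trace

if __name__ == "__main__":
    for pkt in ({"proto": "tcp", "src": "192.0.2.10", "dport": 22},
                {"proto": "tcp", "src": "198.51.100.7", "dport": 80},
                {"proto": "tcp", "src": "198.51.100.7", "dport": 22}):
        print(pkt, *filter_packet(pkt))
```

On a live host, `iptables -L -n -v --line-numbers` shows per-rule packet counters that can be compared against a trace like this one.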


