All of lore.kernel.org
 help / color / mirror / Atom feed
From: Cedric de Launois <delaunois@info.ucl.ac.be>
To: Robert de Bath <list-netfilter@debath.co.uk>
Cc: Netfilter-devel <netfilter-devel@lists.netfilter.org>
Subject: Re: The big Picture of all the tables ...
Date: Mon, 06 Jun 2005 10:00:27 +0200	[thread overview]
Message-ID: <1118044827.21909.11.camel@descartes.info.ucl.ac.be> (raw)
In-Reply-To: <3abe8064b60ddf1a@mayday.cix.co.uk>

Le samedi 04 juin 2005 à 19:10 +0100, Robert de Bath a écrit :
> Hi all,
> 
> I _think_ the attached picture shows all the predefined chains in all
> the tables that the kernel uses in the order that it uses them (except
> for the raw table).

> 4) Is there anything else that can make a packet deviate (cf: DROP)

The ROUTE target (in pom) was initially designed to directly send a
packet on the wire, on a given interface. In such case, the target is
put on the mangle PREROUTING chain, and the packet that matches the
ROUTE target is re-injected _after_ the mangle POSTROUTING chain (so
that conntrack is not confused by strangely routed packets).

If the --continue option of the ROUTE target is used, then the packet is
routed by the target, and continues its journey through the rules. In
your figure, it should now become obvious to beginners why the use of
the --continue option is most useful in mangle POSTROUTING, and useless
on the PREROUTING chain...

Cedric

      parent reply	other threads:[~2005-06-06  8:00 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-06-04 18:10 The big Picture of all the tables Robert de Bath
2005-06-04 20:50 ` Jonas Berlin
2005-06-04 21:30   ` Matthew Strait
2005-06-06 21:08   ` Andy Furniss
2005-06-04 21:10 ` Jonas Berlin
2005-06-04 21:47   ` Alexander Samad
2005-06-04 21:49   ` Robert de Bath
2005-06-04 22:11     ` Jonas Berlin
2005-06-05 10:08       ` Jørn Andre
2005-06-05 21:48       ` Henrik Nordstrom
2005-06-06  8:00 ` Cedric de Launois [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1118044827.21909.11.camel@descartes.info.ucl.ac.be \
    --to=delaunois@info.ucl.ac.be \
    --cc=list-netfilter@debath.co.uk \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.