All of lore.kernel.org
 help / color / mirror / Atom feed
From: Patrick McHardy <kaber@trash.net>
To: ilninno <ilninno@gmail.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: How can i leave a packet to continue the iptables ruleset checking?
Date: Mon, 12 Jan 2009 06:10:52 +0100	[thread overview]
Message-ID: <496AD0DC.1070102@trash.net> (raw)
In-Reply-To: <92770c820812231302q709cba94ua93e0ec210a906a1@mail.gmail.com>

ilninno wrote:
> Hello! I have some problems with netfilter_queue:
> 
> I created a queue and registered my c program, when a packet matchs
> with the iptables rules my code get the event. i usually return
> NF_ACCEPT and NF_DROP, but sometimes i need to leave the packet to
> continue with iptables rules checking, i tried with:
> 
> 1- Using NF_QUEUE: WIth this option the packet enter again in iptables
> rules (from rule 1 to NFQUEUE rule), but i only want to check (from
> NFQUEUE rule to end).
> 
> 
> rule:   $IPTABLES -A OUTPUT -m state --state NEW -j NFQUEUE --queue-num 0
> 
> 
> 
> How can i leave the packet to continue in iptables ruleset without
> beginning again?  Thanks for your time.

You can use NF_REPEAT to enter the same chain again and mark
the packet to skip the first rules or jump to a seperate chain.

      parent reply	other threads:[~2009-01-12  5:11 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-12-23 21:02 How can i leave a packet to continue the iptables ruleset checking? ilninno
2009-01-01 20:55 ` ilninno
2009-01-01 23:12   ` Eric Leblond
2009-01-12  5:10 ` Patrick McHardy [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=496AD0DC.1070102@trash.net \
    --to=kaber@trash.net \
    --cc=ilninno@gmail.com \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.