>iptables will process rules until a match. If the match is -j >ACCEPT/REJECT/DROP, it will end processing there. If it's -j >another_chain, it will jump to the other chain. If it matches a rule >in the other chain with -j ACCEPT/REJECT/DROP, it will stop processing >there. Otherwise, if no rules in this inner chain matches, it will >resume processing in the outer chain just after the rule which jumped >to the inner chain. Filipe, Appreciate the help, but I think I am still unsure of that last point. If the default policy for INPUT is DROP, and a rule "allowing" traffic is not matched, once it gets to the end it performs the default policy action from what I have gathered now. This contradicts the suggestion you make about it jumping to the next chain? Are you sure (it was an RH instructor today that explained this to me)? Thanks! jlc _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos