In the context of collecting stats, is there any difference between these
two ?
iptables -A udp-out
and
iptables -A udp-out -j RETURN
There is no mentioned about how to jump from existing
built-in/or predefined chains, I supposed it is something
like this ?
iptables -I FORWARD -j udp-out -p xxx -i xxx -o xxx --sport
xxx --dport xxx ....and so on
Insert is used here so that it get invoked before being handled by other
rules in the chain and
RETURN is used in the user defined chain so that existing firewall rules are
not disrupted.
Any comments ?
Rgds.
----- Original Message -----
From: "Patrik Hildingsson" <ph@kurd.nu>
To: <LARTC@mailman.ds9a.nl>
Sent: Friday, February 07, 2003 7:56 AM
Subject: Re: [LARTC] Measuring throughput
> > iptables -N udp-out
> > iptables -A udp-out -j accept
>
> Unless you really want to accept the packets, leave -j ACCEPT out (assuing
you have a rule that accepts the traffic later or your default policy is set
to ACCEPT). The packet and bytecounters will still increase.
>
