On Sat, 2008-07-12 at 16:28 -0400, tung tran wrote:
> I have another question, if I use QUEUE, is there any way that I can
> pass a packet back to a chain after processing it? For example, I use
> libipq to receive a packet from kernel (through the special QUEUE
> chain) and process the packet. After processing the packet, I do not
> want to ACCEPT or REJECT the packet, but pass it back to a different
> chain, for example INPUT. Can I do this?

The verdict from the QUEUE handler needs to be a final ACCEPT/DROP verdict from that chain. But on ACCEPT the packet continues as if the iptables rule had been an ACCEPT rule. The next priority handler will be called in the netfilter hook, and then the packet will continue in the IP stack as usual.

So you can use QUEUE in PREROUTE, return ACCEPT and then see it in INPUT again, as that is a different hook. You can also use QUEUE in the raw table and then see the packet in filter/mangle/nat, as these are different even if you are using the same hook.

Regards
Henrik
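The traversal described in the reply above, as an added example that is not part of the original thread and is neither kernel nor libipq code. It is a simplified model: the `traverse` function, the `trace` string format and the table lists are assumptions of this sketch, and connection tracking and the routing decision between the two hooks are left out.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model (an assumption of this example, not kernel code):
   each hook runs its registered tables in priority order. */
enum verdict { V_DROP, V_ACCEPT };
enum hook { PREROUTING, INPUT, NHOOKS };

static const char *hook_name[NHOOKS] = { "PREROUTING", "INPUT" };
/* Tables on each hook, already sorted by priority (raw first). */
static const char *tables[NHOOKS][4] = {
    { "raw", "mangle", "nat", NULL },
    { "mangle", "filter", NULL, NULL },
};

/* Walk a locally destined packet through the hooks. The table named
   queue_table on queue_hook holds a QUEUE rule and the userspace handler
   answers with queue_verdict. Every table visited is appended to trace.
   Returns the final verdict for the packet. */
enum verdict traverse(enum hook queue_hook, const char *queue_table,
                      enum verdict queue_verdict, char *trace, size_t len)
{
    trace[0] = '\0';
    for (int h = 0; h < NHOOKS; h++) {
        for (int t = 0; t < 4 && tables[h][t]; t++) {
            size_t used = strlen(trace);
            snprintf(trace + used, len - used, "%s%s/%s",
                     used ? " " : "", hook_name[h], tables[h][t]);
            if (h == (int)queue_hook &&
                strcmp(tables[h][t], queue_table) == 0) {
                /* The QUEUE verdict is final for this chain only. */
                if (queue_verdict == V_DROP)
                    return V_DROP; /* packet is gone, nothing else runs */
                /* ACCEPT: continue with the next-priority table. */
            }
        }
    }
    return V_ACCEPT; /* reached the end of INPUT: delivered locally */
}

int main(void)
{
    char trace[256];
    traverse(PREROUTING, "raw", V_ACCEPT, trace, sizeof trace);
    printf("ACCEPT: %s\n", trace);
    traverse(PREROUTING, "raw", V_DROP, trace, sizeof trace);
    printf("DROP:   %s\n", trace);
    return 0;
}
```

An ACCEPT from the queue handler in PREROUTING/raw still leaves the packet subject to every later table, so rules in INPUT/filter continue to apply to it; a DROP ends traversal at the queueing table.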