Hi Henrik,

Really really appreciate your help.

Thanks,
Tung.

On Sun, Jul 13, 2008 at 5:54 PM, Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> wrote:
> On Sat, 2008-07-12 at 16:28 -0400, tung tran wrote:
>> I have another question, if I use QUEUE, is there any way that I can
>> pass a packet back to a chain after processing it? For example, I use
>> libipq to receive a packet from kernel (through the special QUEUE
>> chain) and process the packet. After processing the packet, I do not
>> want to ACCEPT or REJECT the packet, but pass it back to a different
>> chain, for example INPUT. Can I do this?
>
> The verdict from the QUEUE handler needs to be a final ACCEPT/DROP
> verdict from that chain.
>
> But on ACCEPT the packet continues as if the iptables rule had been an
> ACCEPT rule. The next priority handler will be called in the netfilter
> hook, and then the packet will continue in the ip stack as usual.
>
> So you can use QUEUE in PREROUTE, return ACCEPT and then see it in INPUT
> again as that is a different hook.
>
> You can also use QUEUE in the raw table and then see the packet in
> filter/mangle/nat as these are different even if you are using the same
> hook.
>
> Regards
> Henrik
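
The traversal Henrik describes, as an added example that is not part of the original thread: a simplified Python model of a locally destined IPv4 packet, showing that an ACCEPT verdict from the QUEUE handler ends only the current chain, so later tables and hooks still see the packet and can still drop it. The function names, the rule dictionary and the sample rules are assumptions made for illustration; conntrack and the security table are left out.

```python
# Simplified model, not kernel code. Priorities are the kernel's NF_IP_PRI_*
# values for each table; within one hook the lower value runs first.
PRIORITY = {"raw": -300, "mangle": -150, "nat": -100, "filter": 0}

# Tables registered at each hook on the local-delivery path (simplified).
HOOK_TABLES = {
    "PREROUTING": ["raw", "mangle", "nat"],
    "INPUT": ["mangle", "filter"],
}
LOCAL_IN_PATH = ["PREROUTING", "INPUT"]


def traverse(rules, handler):
    """Walk one packet through the hooks for local delivery.

    rules maps (hook, table) -> "ACCEPT" | "DROP" | "QUEUE" (constructed
    sample rules); a missing entry means chain policy ACCEPT.
    handler(hook, table) stands in for the userspace QUEUE listener and
    must return a final "ACCEPT" or "DROP".
    Returns (trace, delivered); trace lists every chain that saw the packet.
    """
    trace = []
    for hook in LOCAL_IN_PATH:
        for table in sorted(HOOK_TABLES[hook], key=PRIORITY.get):
            trace.append((hook, table))
            verdict = rules.get((hook, table), "ACCEPT")
            if verdict == "QUEUE":
                verdict = handler(hook, table)
                if verdict not in ("ACCEPT", "DROP"):
                    raise ValueError("QUEUE handler must return ACCEPT or DROP")
            if verdict == "DROP":
                return trace, False
            # ACCEPT ends this chain only; the next table or hook still runs.
    return trace, True


def accept_handler(hook, table):
    return "ACCEPT"


def drop_handler(hook, table):
    return "DROP"


if __name__ == "__main__":
    # QUEUE in raw/PREROUTING, with a DROP rule later in filter/INPUT.
    rules = {("PREROUTING", "raw"): "QUEUE", ("INPUT", "filter"): "DROP"}
    print(traverse(rules, accept_handler))
```

In the sample run the handler's ACCEPT lets the packet reach filter/INPUT, where the DROP rule still applies, so a userspace ACCEPT is not a bypass of later filtering.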