Hello,
I have a question regarding this piece of code in iptables.c:
if (strcmp(chain, "POSTROUTING") == 0
|| strcmp(chain, "OUTPUT") == 0) {
/* -i not valid with outgoing packets */
if (cs.options & OPT_VIANAMEIN)
xtables_error(PARAMETER_PROBLEM,
"Can't use -%c with %s\n",
opt2char(OPT_VIANAMEIN),
chain);
}
I agree that "-i" is not valid for locally generated packets
(that is what OUTPUT chain for). But for forwarded packets
going through POSTROUTING this is not true. As far as I
understand we can match for both input and output interface
here (as in FORWARD).
So why we need this restriction?
--
wbr, Oleg.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
