On Sunday 2011-10-09 11:05, "Oleg A. Arkhangelsky" wrote:

>Hello,
>
>I have a question regarding this piece of code in iptables.c:
>
>    if (strcmp(chain, "POSTROUTING") == 0
>        || strcmp(chain, "OUTPUT") == 0) {
>            /* -i not valid with outgoing packets */
>            if (cs.options & OPT_VIANAMEIN)
>                    xtables_error(PARAMETER_PROBLEM,
>                            "Can't use -%c with %s\n",
>                            opt2char(OPT_VIANAMEIN),
>                            chain);
>    }
>
>I agree that "-i" is not valid for locally generated packets
>(that is what the OUTPUT chain is for). But for forwarded packets
>going through POSTROUTING this is not true. As far as I
>understand we can match for both input and output interface
>here (as in FORWARD).

Locally generated packets also appear in POSTROUTING.