for my own benefit, i'm trying to document the architecture of iptables, and i'm reading oskar andreasson's ubiquitous tutorial. early in that tutorial, he presents some tables showing the possible combinations of tables and chains, as well as a graphic portrayal of how packets traverse iptables. in all of that, the mangle table is shown as being part of only two chains: PREROUTING and OUTPUT. however, "iptables -L -t mangle" shows that the mangle table can incorporate rules in all five chains: INPUT, OUTPUT, FORWARD, PREROUTING and POSTROUTING, but that's not at all obvious from that tutorial. is it meaningful to ask where the mangle step would go in the diagram of packet processing in the INPUT, FORWARD and POSTROUTING chains? that is, depending on where those rules are processed, would the order make a difference in the other processing? is this making any sense? the diagram of packet processing in andreasson's tutorial makes perfect sense, except it just seems to omit those three "mangle" steps in the other chains which, AFAICT, clearly can exist. rday
