On Wednesday 09 October 2002 10:49 am, Robert P. J. Day wrote:

> for my own benefit, i'm trying to document the architecture of
> iptables, and i'm reading oskar andreasson's ubiquitous tutorial.

Good idea. Good place to start :-)

> early in that tutorial, he presents some tables showing the
> possible combinations of tables and chains, as well as a graphic
> portrayal of how packets traverse iptables. in all of that,
> the mangle table is shown as being part of only two chains:
> PREROUTING and OUTPUT.

That was true of older versions of netfilter. Newer versions, as you have discovered, now have so-called "5-hooked mangle tables", so there are now 5 hooks into the mangle table from each of the chains.

> however, "iptables -L -t mangle" shows that the mangle table
> can incorporate rules in all five chains: INPUT, OUTPUT, FORWARD,
> PREROUTING and POSTROUTING, but that's not at all obvious from
> that tutorial.

That is because it was not true for the version of netfilter the version of the tutorial you are reading was written for :-)

You might want to check the latest version of Oskar's tutorial at http://iptables-tutorial.frozentux.net and see if he talks about all five chains having mangle hooks now?

Antony.

--
This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour, or irrational religious beliefs.

If you have received this email in error, you are required to shred it immediately, add some nutmeg, three egg whites and a dessertspoonful of caster sugar. Whisk until soft peaks form, then place in a warm oven for 40 minutes. Remove promptly and let stand for 2 hours before adding some decorative kiwi fruit and cream. Then notify me immediately by return email and eat the original message.