On Wednesday 30 October 2002 4:11 pm, Matthew G. Marsh wrote:

> > The only thing I can think of is "which interface should this packet go
> > out of", however that's certainly not the same sort of "decision" as
> > there is between PREROUTING and INPUT or FORWARD, and I'm not even sure
> > it belongs quite where it is shown...
>
> It does exist between OUTPUT and NAT. But the decision structure is more
> along the lines of rule application. Thus you can issue rules such as:
>
>   ip rule add from 10.1.1.1 dev lo table mytable prio 13000
>
> and any packet coming from the local machine (ie exiting OUTPUT) would
> then be acted upon by this rule. see?

Fair enough, but I still don't think this is any sort of decision which affects netfilter (which would be the only point of putting it into the diagram, I think).

The only decisions of interest to netfilter are "is the packet local?" and if not "which interface is it going out of?". Both of those have already been decided in the first routing decision, between prerouting and input / forward.

I'm not convinced there's any purpose in having another routing decision shown between output and postrouting, especially in a document which is aimed at beginners.

Regards,

Anton.

--
Success is a lousy teacher. It seduces smart people into thinking they can't lose. - William H Gates III