> iptables -A FORWARD -s 10.1.2.3 -j ACCEPT
> iptables -A FORWARD -s 10.1.2.0/255.255.255.0 -j DROP
>
> Under this scenario a packet from 10.1.2.3 would fall under both rules.
> But would the packets be dropped or allowed to go through?

It will be allowed because ACCEPT/DROP are nonreturning rules and the decision is final. Note that there are returning targets, like: LOG, TOS, etc. After matching these the traversal continues.

Regards,
Maciej
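
The traversal described in the reply above, modelled as a small Python simulation (an added example, not part of the original message and not iptables code). The names `traverse`, `QUESTION_CHAIN`, `LOG_FIRST_CHAIN` and `REVERSED_CHAIN` are made up for illustration, the last two chains are constructed variants, and only source-address matching with the ACCEPT, DROP and LOG targets is modelled.

```python
import ipaddress

# Targets that end traversal of the chain; anything else here (LOG) lets it continue.
TERMINATING = {"ACCEPT", "DROP"}


def traverse(chain, src, policy="ACCEPT"):
    """Walk the rules in order for a packet from `src`.

    Returns (verdict, non_terminating_targets_hit). `policy` stands in for
    the chain's default policy and is an assumption of this model.
    """
    addr = ipaddress.ip_address(src)
    side_effects = []
    for network, target in chain:
        if addr not in ipaddress.ip_network(network):
            continue                      # rule does not match, try the next one
        if target in TERMINATING:
            return target, side_effects   # decision is final, later rules are never seen
        side_effects.append(target)       # e.g. LOG: note it and keep traversing
    return policy, side_effects           # no terminating rule matched


# The two rules from the question, in the order they were appended with -A.
QUESTION_CHAIN = [
    ("10.1.2.3/32", "ACCEPT"),
    ("10.1.2.0/255.255.255.0", "DROP"),
]

# Constructed variant: a LOG rule for the whole subnet placed ahead of both rules.
LOG_FIRST_CHAIN = [("10.1.2.0/255.255.255.0", "LOG")] + QUESTION_CHAIN

# Constructed variant: same two rules in the opposite order.
REVERSED_CHAIN = list(reversed(QUESTION_CHAIN))

if __name__ == "__main__":
    chains = [("question", QUESTION_CHAIN),
              ("log-first", LOG_FIRST_CHAIN),
              ("reversed", REVERSED_CHAIN)]
    for name, chain in chains:
        for src in ("10.1.2.3", "10.1.2.7"):
            print(f"{name:10} {src:9} -> {traverse(chain, src)}")
```

With the rules in the opposite order the subnet DROP matches first, so the host-specific ACCEPT is never reached.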