On Thu, Jun 05, 2003 at 04:32:23PM +0800, sword wrote:
> We all know that a user can define the chains he wants. The question is:
> which chain will match an IP packet first? In netfilter, the kernel decides
> which chain the IP packet will be sent to by where the IP packet was issued
> and where it is sent to, so the chains INPUT, OUTPUT, FORWARD will be
> selected to process the IP packet. So what about a user-defined chain?

A user-defined chain must appear as a target (-j) somewhere in the predefined
system chain. For example, you may have

    iptables -A INPUT -p tcp -j user_tcp_chain

which means your user chain will be used whenever a packet reaches the
above rule and the packet is of TCP type.

Jun
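
The traversal order described in the reply above, as an added example that is not part of the original thread: a small Python model (constructed, not netfilter code) in which the kernel picks the built-in chain and a user chain is consulted only through a `-j` jump. It goes one step beyond the reply by also modelling the return to the calling chain when the user chain ends without a verdict; `orphan_chain`, the port rules and the ACCEPT policies are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable

# Assumed default policies for the built-in filter chains (constructed).
BUILTIN_POLICY = {"INPUT": "ACCEPT", "OUTPUT": "ACCEPT", "FORWARD": "ACCEPT"}
VERDICTS = {"ACCEPT", "DROP"}

@dataclass
class Rule:
    match: Callable[[dict], bool]
    target: str  # a verdict, "RETURN", or the name of a user-defined chain

def traverse(chains, chain, pkt, trace):
    """Walk one chain in rule order; None means 'resume in the caller'."""
    for i, rule in enumerate(chains[chain], 1):
        if not rule.match(pkt):
            continue
        trace.append(f"{chain}:{i}")
        if rule.target in VERDICTS:
            return rule.target
        if rule.target == "RETURN":
            return None
        # -j <user chain>: descend, then continue here if no verdict came back
        verdict = traverse(chains, rule.target, pkt, trace)
        if verdict is not None:
            return verdict
    return None  # fell off the end of the chain

def filter_packet(chains, hook, pkt):
    """hook is the built-in chain the kernel selected for this packet."""
    trace = []
    verdict = traverse(chains, hook, pkt, trace)
    return (verdict or BUILTIN_POLICY[hook]), trace

# Constructed ruleset built around the rule quoted in the reply.
CHAINS = {
    "INPUT": [
        Rule(lambda p: p["proto"] == "tcp", "user_tcp_chain"),  # -A INPUT -p tcp -j user_tcp_chain
        Rule(lambda p: p["proto"] == "icmp", "DROP"),
    ],
    "OUTPUT": [],
    "FORWARD": [],
    "user_tcp_chain": [
        Rule(lambda p: p.get("dport") == 22, "ACCEPT"),
        Rule(lambda p: p.get("dport") == 23, "DROP"),
    ],
    "orphan_chain": [Rule(lambda p: True, "DROP")],  # no rule jumps here
}

if __name__ == "__main__":
    for hook, pkt in [("INPUT", {"proto": "tcp", "dport": 23}),
                      ("INPUT", {"proto": "tcp", "dport": 80}),
                      ("OUTPUT", {"proto": "tcp", "dport": 23})]:
        print(hook, pkt, filter_packet(CHAINS, hook, pkt))
```

The trace shows that `orphan_chain` is never evaluated and that `user_tcp_chain` has no effect on OUTPUT traffic, because no rule in that built-in chain jumps to it.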