Hi, Mostly, people seem to write their filter chains splitting first by interface and/or address, then by protocol/port. I'm experimenting with doing it the other way round: I want to process all the ssh traffic in one chain, then all the smtp in another etc. This means that early on, I have something like: iptables -A INPUT -j protocol iptables -A FORWARD -j protocol iptables -A protocol -p tcp --dport 22 -j ssh But then I get a bit stuck. I need to then do different things depending on the source and destination - which includes whether this packet is arriving locally or being forwarded. Therefore it would be useful to know whether this packet started out in the INPUT or FORWARD chain - but that info seems to have been lost with the jump. Is there any way to regain that? Many thanks, Richard
