On Tuesday 30 March 2004 12:33 pm, Cody Harris wrote:

> On Tue, 30 Mar 2004 08:48:16 +0100, Antony Stone wrote:
> >
> > I think you've got it now.
>
> Great!
>
> > Netfilter does not make routing decisions - the Linux kernel does that,
> > even when you're not running netfilter. Netfilter simply adds the
> > ability to drop some packets *instead* of routing them on (in the filter
> > tables), or to change where they're addressed to (in the nat table).
>
> So instead of changing the decision, it changes the packet to change the
> routing decision?

Yes, I'd say that's a good way of putting it.

> If we've covered the NAT table, what's the mangle table?

The mangle table is aptly named, and allows you to fiddle about with bits of
the packet's headers which most people wouldn't even think of changing - things
like the TTL (Time To Live) field, the TOS (Type Of Service) field, and for
MARKing packets (which doesn't actually change the packet, but allows netfilter
to carry a special marker around with the packet during further processing).

Regards,

Antony.

--
The truth is rarely pure, and never simple.
 - Oscar Wilde

Please reply to the list; please don't CC me.
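The three mangle-table uses named in the message above, written out as a ruleset in iptables-restore format. This is an added example, not part of the original thread; the interface names (eth0, eth1, eth2), ports, mark value and routing table number are assumptions chosen for illustration.

```iptables
# Constructed example ruleset; load with: iptables-restore < this-file
# Assumed layout: eth1 = LAN, eth0 = default uplink, eth2 = second uplink.
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# MARK: attach firewall mark 1 to SMTP coming from the LAN. The packet bytes
# are untouched; the mark lives in kernel metadata for this packet only.
# PREROUTING runs before the routing decision, so the kernel can act on it.
-A PREROUTING -i eth1 -p tcp --dport 25 -j MARK --set-mark 1
# TOS: rewrite the Type Of Service byte of forwarded SSH (0x10 = minimize delay).
-A PREROUTING -i eth1 -p tcp --dport 22 -j TOS --set-tos 0x10
# TTL: normalise the Time To Live of everything leaving via the default uplink.
-A POSTROUTING -o eth0 -j TTL --ttl-set 64
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# The mark set in mangle is still visible here, later in processing:
# marked SMTP may only leave through eth2, anything else marked is dropped.
-A FORWARD -m mark --mark 1 -o eth2 -j ACCEPT
-A FORWARD -m mark --mark 1 -j DROP
COMMIT
# Netfilter only marks; the kernel still makes the routing decision.
# To have routing honour the mark, add a policy-routing rule outside
# this file (table 100 and the gateway address are placeholders):
#   ip rule add fwmark 1 table 100
#   ip route add default via <gateway-on-eth2> dev eth2 table 100
```

After loading, `iptables -t mangle -L -v -n` shows per-rule packet counters, which confirms whether each rule is matching the traffic it was written for.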