<<snip>>
> >
>
> Nope (thankfully)
> I know now that there are two FORWARD chains,
> mangle.FORWARD and filter.FORWARD. They have the same
> name and are the same chain structure, they will
> contain completely different rules.

It's quite confusing for people used to working with ipchains :)
The terminology changed a bit:
Chains are now called tables and you have 3 root-tables: mangle, nat and filter. To select them you would use the '-t' option of iptables, defaulting to 'filter'.

Then you have 5 'hooks': the places in the network subsystem where these tables can be used:
PRE-ROUTING, INPUT, FORWARD, OUTPUT, POST-ROUTING

Different hooks accept different tables:
the mangle table at all 5 hooks.
the nat table at OUTPUT, PRE- and POST-ROUTING.
and filter table at INPUT, FORWARD and OUTPUT.

> >Not all tables
> > are run on each chain. Eg. FORWARD table only has
> > mangle/filter.
>
> Ok, you must mean "not all the chains are used in each
> table", right? "The FORWARD chains only appear in the
> mangle and filter tables", yes?
>

Therefore it was the correct terminology: not all tables are run on each chain (hook). In ipchains it was the other way around.

> >
> > For a really good reference on iptables in general,
> > check out
> > http://iptables-tutorial.frozentux.net/
>

Did you check the http://lartc.org/howto/ ? It is very clear and hands-on.

Greetings,
Ludo Stellingwerff.
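
The table/hook layout described in the message above, as an added example that is not part of the original post: a small linter that resolves each rule's table (applying the `-t` default of `filter`) and flags rules naming a built-in chain that table does not have. The table-to-chain mapping is taken as the message states it; the function names and the sample rule script are constructed for illustration.

```python
import shlex

# Built-in chains per table, exactly as the message lists them (assumption:
# no other tables). iptables spells the hooks PREROUTING/POSTROUTING.
BUILTIN = {
    "mangle": {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"},
    "nat": {"PREROUTING", "OUTPUT", "POSTROUTING"},
    "filter": {"INPUT", "FORWARD", "OUTPUT"},
}
HOOKS = set().union(*BUILTIN.values())
CHAIN_CMDS = {"-A", "--append", "-I", "--insert", "-D", "--delete",
              "-R", "--replace", "-P", "--policy"}

# Constructed sample rule script (not from the thread).
SAMPLE = """\
iptables -A FORWARD -i eth0 -j ACCEPT              # no -t: filter.FORWARD
iptables -t mangle -A FORWARD -j MARK --set-mark 1 # mangle.FORWARD, a separate chain
iptables -t nat -A FORWARD -j MASQUERADE
iptables -t filter -I PREROUTING -j DROP
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
"""

def check_rule(line):
    """Return (table, chain, problem); problem is None when the pair is valid."""
    args = shlex.split(line, comments=True)
    table, chain = "filter", None  # '-t' defaults to 'filter'
    for opt, val in zip(args, args[1:]):
        if opt in ("-t", "--table"):
            table = val
        elif opt in CHAIN_CMDS and chain is None:
            chain = val
    if table not in BUILTIN:
        return table, chain, f"unknown table '{table}'"
    if chain in HOOKS and chain not in BUILTIN[table]:
        return table, chain, f"table '{table}' has no {chain} chain"
    return table, chain, None  # user-defined chain names are not checked

def lint(script):
    """Return [(line_number, problem)] for rules naming a chain their table lacks."""
    findings = []
    for n, line in enumerate(script.splitlines(), 1):
        if line.strip().startswith("iptables"):
            problem = check_rule(line)[2]
            if problem:
                findings.append((n, problem))
    return findings

if __name__ == "__main__":
    for n, problem in lint(SAMPLE):
        print(f"line {n}: {problem}")
```

The first two sample rules both append to a chain called FORWARD yet land in different tables, which is the mangle.FORWARD versus filter.FORWARD distinction from the quoted question.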