Re: Let me understand *RETURN*

	[SNIP]

> 
> iptables -N rule1
> iptables -A rule1 -j RETURN
> iptables -N rule2
> iptables -A rule2 -j RETURN
> iptables -N rule3
> iptables -A rule3 -j RETURN
> 
> So now every packet destined for the local machine always goes through
> the INPUT chain. The default policy is set to drop.
> Now let's say there's a packet for the local machine. It goes to the
> INPUT chain. The INPUT chain sends it to rule1. In rule1 the RETURN
> target sends it back to the INPUT chain. The INPUT chain sends it to
> rule2. Rule2 sends it back to the INPUT chain and so on till it is
> dropped by the default policy.
> 
> iptables -P INPUT DROP
> 
> # create both user chains first: a jump to a chain that does not
> # exist yet is rejected, and rule1 must not be created twice
> iptables -N rule1
> iptables -N rule2
> 
> iptables -A INPUT -j rule1
> iptables -A rule1 -j rule2
> iptables -A rule2 -j RETURN
> iptables -A rule1 -j RETURN
> 
> Again the INPUT chain sends it to rule1. Rule1 sends it to rule2. Rule2 
> sends it via RETURN back to rule1 and rule1 back to INPUT chain where it 
> is dropped via default policy.
> 
> I hope this will help you. You can see RETURN always sends a packet back
> to the outer chain from where it was sent to the actual chain.
> 
> 


It was my understanding that a user chain could not jump to another user
chain, that this was only allowed in the default chains <input, output and
forward>?

Thanks,


Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

...Love is the ultimate outlaw.  It just won't adhere to rules.
The most any of us can do is sign on as its accomplice.  Instead
of vowing to honor and obey, maybe we should swear to aid and abet.
That would mean that security is out of the question.  The words
"make" and "stay" become inappropriate.  My love for you has no
strings attached.  I love you for free...
                        -Tom Robbins <Still Life With Woodpecker>
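The traversal the quoted message walks through (INPUT -> rule1 -> rule2 -> rule1 -> INPUT -> policy) modelled as a small Python interpreter; this is an added example, not code from the list post or from iptables, and the only names taken from the page are the chain names.

```python
# Added example (not from the list post): a toy model of iptables chain
# traversal showing where RETURN sends a packet. Chain names are the ones
# from the quoted message; the model itself is an assumption, not iptables.

BUILTIN = {"INPUT", "OUTPUT", "FORWARD"}
TERMINAL = {"ACCEPT", "DROP"}

def add_chain(chains, name):
    """Like `iptables -N name`: create an empty user-defined chain."""
    if name in chains:
        raise ValueError(f"chain {name} already exists")
    chains[name] = []

def append_rule(chains, chain, target):
    """Like `iptables -A chain -j target` with no match (hits every packet).
    As in iptables, both the chain and a user-chain target must already exist."""
    if chain not in chains or (target not in chains and target not in TERMINAL | {"RETURN"}):
        raise ValueError(f"no chain/target by that name: {chain} -> {target}")
    chains[chain].append(target)

def traverse(chains, chain, policy, trace):
    """Walk one packet through `chain`, recording each chain visited in `trace`.
    Returns ACCEPT/DROP, or RETURN when a user chain hands the packet back to
    its caller. In a built-in chain, RETURN or reaching the end applies the policy."""
    trace.append(chain)
    for target in chains[chain]:
        if target in TERMINAL:
            return target
        if target == "RETURN":
            break
        verdict = traverse(chains, target, policy, trace)
        if verdict != "RETURN":
            return verdict
        trace.append(chain)  # control resumes in the calling chain
    return policy if chain in BUILTIN else "RETURN"

def nested_example(rule2_target="RETURN"):
    """The second listing from the quoted message: INPUT -> rule1 -> rule2.
    Pass rule2_target="ACCEPT" to see a verdict taken inside a nested chain."""
    chains = {"INPUT": []}
    add_chain(chains, "rule1")
    add_chain(chains, "rule2")
    append_rule(chains, "INPUT", "rule1")
    append_rule(chains, "rule1", "rule2")
    append_rule(chains, "rule2", rule2_target)
    append_rule(chains, "rule1", "RETURN")
    trace = []
    return traverse(chains, "INPUT", "DROP", trace), trace
```

With rule2 ending in RETURN the packet visits INPUT, rule1, rule2, rule1, INPUT and is dropped by the policy; with ACCEPT in rule2 the verdict is taken there and no chain is re-entered.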