On Tue, September 27, 2005 15:55, Edmundo Carmona wrote:
> On 9/27/05, Rob Sterenborg <rob@xxxxxxxxxxxxxxx> wrote:
> ...
>>
>> $IPTABLES -A FORWARD -i $LAN_IFACE -m state --state NEW \
>>   -p tcp --dport 25 -j LOG --log-prefix "SMTP_REJECT: "
>> $IPTABLES -A FORWARD -i $LAN_IFACE -m state --state NEW \
>>   -p tcp --dport 25 -j REJECT --reject-with tcp-reset
>>
>
> I have had this question in my mind for some time by now, but never
> had the need to answer it.. however, this post brings it on.
>
> As you can see, first, you have a LOG, and then in the same chain for
> the same traffic, you REJECT. What other targets allow traversal to
> go on in the same chain?

Not all targets are valid in every chain, but I suppose that would be
(almost ?) all targets that alter packets in some way (not NAT/MASQ) and
do not decide whether to ACCEPT, REJECT or DROP a packet.
Of course, if you don't specify a target (use a rule as byte-counter or
something) a packet passes through to the next rule.

For targets, see also man iptables.
(http://iptables-tutorial.frozentux.net/other/iptables.html)


Gr,
Rob
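
The traversal behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of one chain in which a matching rule with a non-terminating target (or no target) only counts or acts and lets the packet continue, while a terminating target ends traversal. The interface name `eth1` standing in for `$LAN_IFACE`, the sample chain and the packet dictionaries are constructed assumptions; RETURN, user-defined chains and per-table target restrictions are not modelled.

```python
# Simplified model of rule traversal in a single iptables chain (added example).
from dataclasses import dataclass
from typing import Callable, Optional

# Targets that end traversal of the chain with a decision on the packet.
TERMINATING = {"ACCEPT", "DROP", "REJECT", "DNAT", "SNAT", "MASQUERADE", "REDIRECT"}
# Targets that act on the packet and then let it continue to the next rule.
NON_TERMINATING = {"LOG", "ULOG", "MARK", "TOS", "TTL"}

@dataclass
class Rule:
    match: Callable[[dict], bool]
    target: Optional[str] = None  # None models a rule without -j (counter only)
    packets: int = 0              # per-rule packet counter, as shown by iptables -L -v

def traverse(chain, packet, policy="ACCEPT"):
    """Return (verdict, actions): actions are the non-terminating targets hit first."""
    actions = []
    for rule in chain:
        if not rule.match(packet):
            continue
        rule.packets += 1              # counters update on every match
        if rule.target is None:
            continue                   # no target: fall through to the next rule
        if rule.target in TERMINATING:
            return rule.target, actions
        if rule.target in NON_TERMINATING:
            actions.append(rule.target)
            continue
        raise ValueError(f"target not modelled: {rule.target}")
    return policy, actions             # end of chain: the chain policy applies

def new_smtp_from_lan(pkt):
    # Mirrors: -i $LAN_IFACE -m state --state NEW -p tcp --dport 25
    return (pkt["in_iface"] == "eth1" and pkt["state"] == "NEW"
            and pkt["proto"] == "tcp" and pkt["dport"] == 25)

def build_forward_chain():
    # Constructed chain: counter rule, the LOG/REJECT pair from the thread,
    # and a trailing LOG that rejected SMTP traffic never reaches.
    return [
        Rule(lambda p: p["proto"] == "tcp"),
        Rule(new_smtp_from_lan, "LOG"),
        Rule(new_smtp_from_lan, "REJECT"),
        Rule(lambda p: True, "LOG"),
    ]
```
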