On Tue, September 27, 2005 15:55, Edmundo Carmona wrote:
> On 9/27/05, Rob Sterenborg <rob@xxxxxxxxxxxxxxx> wrote:
> ...
>>
>> $IPTABLES -A FORWARD -i $LAN_IFACE -m state --state NEW \
>>   -p tcp --dport 25 -j LOG --log-prefix "SMTP_REJECT: "
>> $IPTABLES -A FORWARD -i $LAN_IFACE -m state --state NEW \
>>   -p tcp --dport 25 -j REJECT --reject-with tcp-reset
>
> I have had this question in my mind for some time by now, but never
> had the need to answer it.. however, this post brings it on.
>
> As you can see, first, you have a LOG, and then in the same chain for
> the same traffic, you REJECT. What other targets allow traversal to
> go on in the same chain?

Not all targets are valid in all chains, but I guess that those would be
most targets that alter a packet, not being NAT or MASQ, and of course
rules without a target.
If a rule doesn't make a decision whether to ACCEPT, REJECT, DROP, NAT or
MASQ a packet, a packet continues to traverse.
(I hope I summed it all now.. Please correct me if I'm wrong.)

For valid targets, check man iptables.

Gr,
Rob
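
Added example, not part of the original message and not netfilter code: a simplified Python model of the traversal behaviour discussed in this thread, using the LOG and REJECT rules quoted above. The interface name `eth1`, the ACCEPT chain policy and the sample packets are assumptions made for illustration.

```python
# Simplified model of iptables chain traversal (illustration only).
# Assumption: rules match by exact equality on a few packet fields.

# Targets that reach a verdict and end traversal of the chain.
TERMINATING = {"ACCEPT", "DROP", "REJECT", "DNAT", "SNAT", "MASQUERADE"}
# Targets that act on the packet and let it continue to the next rule.
NON_TERMINATING = {"LOG", "MARK", "TOS", "TTL"}


def traverse(chain, packet, policy="ACCEPT"):
    """Return (verdict, fired): the final verdict and the targets that ran."""
    fired = []
    for match, target in chain:
        # A rule matches when every field it names equals the packet's value.
        if any(packet.get(k) != v for k, v in match.items()):
            continue
        if target is None:           # rule without -j: only counters change
            fired.append("(count)")
            continue
        fired.append(target)
        if target in TERMINATING:
            return target, fired
        if target not in NON_TERMINATING:
            raise ValueError(f"target not modelled: {target}")
    return policy, fired             # fell off the end: chain policy applies


# Match shared by both rules in the thread ($LAN_IFACE modelled as "eth1").
SMTP_NEW = {"in_iface": "eth1", "state": "NEW", "proto": "tcp", "dport": 25}

LOG_THEN_REJECT = [(SMTP_NEW, "LOG"), (SMTP_NEW, "REJECT")]
REJECT_THEN_LOG = [(SMTP_NEW, "REJECT"), (SMTP_NEW, "LOG")]  # LOG unreachable

# Constructed sample packets.
smtp = {"in_iface": "eth1", "state": "NEW", "proto": "tcp", "dport": 25}
web = {"in_iface": "eth1", "state": "NEW", "proto": "tcp", "dport": 80}

if __name__ == "__main__":
    for name, chain in (("LOG first", LOG_THEN_REJECT),
                        ("REJECT first", REJECT_THEN_LOG)):
        print(name, traverse(chain, smtp), traverse(chain, web))
```

With the rules in the reversed order the packet is still rejected, but the LOG rule never fires, so the order of the two rules decides whether the rejected connection leaves a log entry.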