Dnia niedziela, 5 lutego 2006 10:22, Rob Sterenborg napisał: > You SHOULD NOT FILTER in tables other than the filter table (the first > rule). > > Using the mangle table you can alter packets in the FORWARD chain. > In the filter table you cannot. > In the mangle table you can filter packets, but you SHOUD NOT. Why one SHOULD NOT filter in the mangle chain? Are there any philosophical reasons? Is it a sin? Does it make kernel angry? :-> Performance? > http://iptables-tutorial.frozentux.net/iptables-tutorial.html > > http://www.aptalaska.net/~jclive/IPTablesFlowChart.pdf > > http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png Thx for links! Really great. Krzysztof
