Re: Filtering in PREROUTING

george wrote:

> One question arises - in Ch 6 it says connection tracking (coming in)
> happens between raw and mangle tables,

Yes. Same with outgoing locally generated packets.

> but in Ch 7 it says it's handled in PREROUTING.

This is a misuse of the name PREROUTING, to make things easier to understand. PREROUTING is only an iptables built-in chain for some tables, and of course connection tracking does not occur in any iptables chain, as it is independent from iptables. Connection tracking of incoming packets is called from the NF_IP_PRE_ROUTING hook (see http://www.netfilter.org/documentation/HOWTO/netfilter-hacking-HOWTO-3.html), which is the same hook the PREROUTING chains of the various tables are called from.
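
The ordering described in the message above, as an added example that is not part of the original post and is not kernel code: a user-space C model of one hook whose callbacks run in priority order. The priority values are the ones defined in the kernel's netfilter_ipv4.h; the struct and function names are hypothetical, and the raw-table "notrack" rule goes beyond what the message covers.

```c
#include <stdio.h>
#include <string.h>

/* Real priority values from the kernel's netfilter_ipv4.h; lower runs first. */
enum { PRI_RAW = -300, PRI_CONNTRACK = -200, PRI_MANGLE = -150, PRI_NAT_DST = -100 };

struct pkt { int notrack_rule; int untracked; int tracked; };
struct hook { const char *name; int prio; void (*fn)(struct pkt *); };

static struct hook pre_routing[8];   /* model of the NF_IP_PRE_ROUTING hook list */
static int nhooks;

/* Keep the list sorted by priority, so registration order is irrelevant. */
static void register_hook(const char *name, int prio, void (*fn)(struct pkt *)) {
    int i = nhooks++;
    for (; i > 0 && pre_routing[i - 1].prio > prio; i--)
        pre_routing[i] = pre_routing[i - 1];
    pre_routing[i] = (struct hook){ name, prio, fn };
}

/* Hypothetical callbacks: raw may exempt a packet, conntrack then skips it. */
static void raw_prerouting(struct pkt *p) { if (p->notrack_rule) p->untracked = 1; }
static void conntrack_in(struct pkt *p)   { if (!p->untracked) p->tracked = 1; }
static void table_noop(struct pkt *p)     { (void)p; }

/* Run one packet through the hook; record for each callback whether
 * connection state already existed when it was entered. */
static const char *traverse(int notrack_rule) {
    static char out[128];
    struct pkt p = { notrack_rule, 0, 0 };
    size_t len = 0;
    if (nhooks == 0) {   /* deliberately registered out of order */
        register_hook("mangle", PRI_MANGLE, table_noop);
        register_hook("nat", PRI_NAT_DST, table_noop);
        register_hook("conntrack", PRI_CONNTRACK, conntrack_in);
        register_hook("raw", PRI_RAW, raw_prerouting);
    }
    out[0] = '\0';
    for (int i = 0; i < nhooks; i++) {
        len += snprintf(out + len, sizeof out - len, "%s%s:%d",
                        i ? " " : "", pre_routing[i].name, p.tracked);
        pre_routing[i].fn(&p);
    }
    return out;
}

int main(void) {
    printf("%s\n", traverse(0));  /* raw:0 conntrack:0 mangle:1 nat:1 */
    printf("%s\n", traverse(1));  /* raw:0 conntrack:0 mangle:0 nat:0 */
    return 0;
}
```

In the model, the raw callback never sees connection state, while the mangle and nat callbacks do, unless a raw rule exempted the packet first.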


