Gáspár Lajos wrote:
Hi all,
I was reading the iptables manual because I needed the correct
arguments of the policy (-P) command.
Here it is:
-P, --policy chain target
Set the policy for the chain to the given target. See the section TARGETS for the legal targets. Only built-in (non-user-defined) chains can have policies, and neither built-in nor user-defined chains can be policy targets.
So I checked the TARGETS.
TARGETS
A firewall rule specifies criteria for a packet, and a target. If the packet does not match, the next rule in the chain is the examined; if it does match, then the next rule is specified by the value of the target, which can be the name of a user-defined chain or one of the special values ACCEPT, DROP, QUEUE, or RETURN.
My question is: What is the difference between the ACCEPT and the RETURN target in policy??? :D
in http://node1.yo-linux.com/cgi-bin/man2html?cgi_command=iptables :
TARGETS
(...)
*ACCEPT means to let the packet through.*
DROP means to drop the packet on the floor.
QUEUE means to pass the packet to userspace (if supported by the kernel).
*RETURN means stop traversing this chain and resume at the next rule in the previous (calling) chain. If the end of a built-in chain is reached or a rule in a built-in chain with target RETURN is matched, the target specified by the chain policy determines the fate of the packet.*
Best Regards
pandre
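
The traversal rules quoted above, as a small Python model (an added example, not part of the original message and not iptables code). The chain name SSH, the packet fields and the addresses are constructed; the restriction of a policy to ACCEPT or DROP is an assumption of this model, made because RETURN in a built-in chain itself defers to the policy.

```python
# Toy model of iptables chain traversal (added example, not iptables code).
TERMINAL = {"ACCEPT", "DROP"}

class Ruleset:
    def __init__(self):
        self.chains = {}    # chain name -> list of (match_fn, target)
        self.policy = {}    # built-in chain name -> ACCEPT or DROP

    def builtin(self, name, policy):
        # Model assumption: a policy must itself decide the packet's fate.
        if policy not in TERMINAL:
            raise ValueError(f"policy {policy!r} cannot decide a packet")
        self.chains[name], self.policy[name] = [], policy

    def append(self, chain, match, target):
        # Chains first seen here are user-defined: they have no policy.
        self.chains.setdefault(chain, []).append((match, target))

    def _walk(self, chain, pkt, trace):
        for i, (match, target) in enumerate(self.chains[chain], 1):
            if not match(pkt):
                continue                # no match: examine the next rule
            trace.append(f"{chain}#{i}:{target}")
            if target in TERMINAL:
                return target
            if target == "RETURN":
                return None             # stop traversing this chain
            verdict = self._walk(target, pkt, trace)  # jump to user chain
            if verdict is not None:
                return verdict          # else resume at the next rule here
        return None                     # fell off the end of the chain

    def verdict(self, chain, pkt):
        trace = []
        v = self._walk(chain, pkt, trace)
        if v is None:                   # RETURN or end of a built-in chain
            v = self.policy[chain]
            trace.append(f"{chain}:policy:{v}")
        return v, trace

def demo():
    # Constructed ruleset: INPUT is built-in, SSH is a hypothetical user chain.
    rs = Ruleset()
    rs.builtin("INPUT", "DROP")
    rs.append("SSH", lambda p: p["src"].startswith("10."), "RETURN")
    rs.append("SSH", lambda p: True, "DROP")
    rs.append("INPUT", lambda p: p["dport"] == 22, "SSH")
    rs.append("INPUT", lambda p: p["dport"] == 22, "ACCEPT")
    rs.append("INPUT", lambda p: p["dport"] == 53, "RETURN")
    return rs
```

Calling `demo().verdict("INPUT", packet)` returns the verdict together with a trace of the rules that matched, so the point at which RETURN hands control back to the calling chain or to the policy is visible.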