On 2007-05-11, G��Lajos <swifty@xxxxxxxxxxx> wrote:
> Hi all,
>
> I was reading the iptables manual because I needed the correct arguments
> of the policy (-P) command.
> Here it is:
>
>     -P, --policy chain target
>         Set the policy for the chain to the given target. See the
>         section TARGETS for the legal targets. Only built-in
>         (non-user-defined) chains can have policies, and neither
>         built-in nor user-defined chains can be policy targets.
>
> So I checked the TARGETS.
>
>     TARGETS
>         A firewall rule specifies criteria for a packet, and a target.
>         If the packet does not match, the next rule in the chain is the
>         examined; if it does match, then the next rule is specified by
>         the value of the target, which can be the name of a user-defined
>         chain or one of the special values ACCEPT, DROP, QUEUE, or RETURN.
>
> My question is: What is the difference between the ACCEPT and the RETURN
> target in policy ??? :D
>

I think this is a misunderstanding in the man page. If you read the TARGETS
section carefully you can see there is nothing about policy, even if the -P
paragraph refers to it.

My opinion is that only ACCEPT and DROP are valid policies. I don't know
where I have this idea from, but I'm pretty sure that other targets make no
sense in a policy context.

--
Petr