Hello, Ganesan Natarajan wrote:
My requirement is that before giving the packets to the user-space application (even before routing) I need to filter the packets.
Why even before routing ? (Yes, I'm curious)
so I am using the mangle table with the PREROUTING chain to filter as well as to queue the packets using the DROP and QUEUE targets of "iptables". But in the man pages it is specified that the filter rules should not be added into the mangle table.
Built-in targets such as DROP and QUEUE can be used in any table and chain. But target extensions may have limitations. For example the REJECT target can be used only in the filter table, so it cannot be used in the mangle table. Also, filtering in the nat table is not recommended because the nat table does not see all packets but only packets in the NEW state, which is the first packet of a connection.
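As an added illustration (not part of the original thread), here is a ruleset that follows the placement described in the reply: DROP and NFQUEUE (the successor of the older QUEUE target, with a selectable queue number) sit in mangle/PREROUTING, i.e. before the routing decision, while REJECT stays in the filter table. The interface, addresses, port and queue number are assumptions; the script prints the iptables-restore text by default and only loads it when run as root with the word apply as its argument.

```shell
#!/bin/sh
# Added example, not from the original thread. Emits an iptables-restore
# ruleset that places each target where the reply above says it is accepted.
# All names and numbers below are assumptions for the sake of the example.

IFACE=eth0                  # assumed ingress interface
NOISY_NET=203.0.113.0/24    # assumed source to drop before routing (documentation range)
APP_PORT=5000               # assumed UDP port consumed by the user-space program
QUEUE_NUM=1                 # assumed NFQUEUE number the program binds to

# Print the ruleset in iptables-restore format (lines starting with # are skipped by it).
emit_ruleset() {
    cat <<EOF
*mangle
:PREROUTING ACCEPT [0:0]
# Built-in DROP target: allowed here, before the routing decision.
-A PREROUTING -i $IFACE -s $NOISY_NET -j DROP
# NFQUEUE hands the packet to user space before routing; --queue-bypass makes the
# kernel accept the packet instead of dropping it when no program is bound to the queue.
-A PREROUTING -i $IFACE -p udp --dport $APP_PORT -j NFQUEUE --queue-num $QUEUE_NUM --queue-bypass
COMMIT
*filter
:INPUT ACCEPT [0:0]
# REJECT is a target extension accepted only in the filter table, so the ICMP error
# for unwanted TCP connections to the same port is generated here, after routing.
-A INPUT -i $IFACE -p tcp --dport $APP_PORT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Report which table(s) a target is used in, so the placement can be checked
# without loading anything into the kernel. Usage: table_of_target REJECT
table_of_target() {
    emit_ruleset | awk -v t="$1" '
        /^\*/ { tbl = substr($0, 2) }             # remember the current table
        $0 ~ ("-j " t "( |$)") { print tbl }      # rule jumping to the target
    ' | sort -u
}

case "$1" in
    apply)
        # Only root can load rules; --noflush appends instead of replacing the tables.
        if [ "$(id -u)" -eq 0 ] && command -v iptables-restore >/dev/null 2>&1; then
            emit_ruleset | iptables-restore --noflush
        else
            echo "apply requires root and iptables-restore" >&2
            exit 1
        fi
        ;;
    *)
        emit_ruleset
        ;;
esac
```

Running the script without arguments prints the ruleset for review; `table_of_target REJECT` answers `filter` and `table_of_target NFQUEUE` answers `mangle`, which is the check to make before attempting to load such a ruleset.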