Hello, Jason Sigurdur a écrit :
If a specific rule is matched, does it not exit the chain?
Only if the target is "terminal". ACCEPT, DROP, REJECT are terminal. NAT-specific targets such as SNAT and DNAT are terminal too. LOG is obviously not terminal. Most if not all mangle-specific targets such as DSCP are not terminal. Indeed one may want to alter several parts of a packet in the same chain.
- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
