On Wed, 2007-10-31 at 16:23 +0100, Pascal Hambourg wrote:
> Hello,
>
> Jason Sigurdur wrote:
> >
> > If a specific rule is matched, does it not exit the chain?
>
> Only if the target is "terminal". ACCEPT, DROP, REJECT are terminal.
> NAT-specific targets such as SNAT and DNAT are terminal too. LOG is
> obviously not terminal. Most if not all mangle-specific targets such as
> DSCP are not terminal. Indeed one may want to alter several parts of a
> packet in the same chain.

Hence you could jump to a user-defined chain like (create the chain first):

    iptables -t mangle -N AF31
    iptables -t mangle -A AF31 -j DSCP --set-dscp-class af31
    iptables -t mangle -A AF31 -j ACCEPT
    iptables -t mangle -A FORWARD -o net+ -p tcp --dport 25 -j AF31

--
Matt Zagrabelny - mzagrabe@xxxxxxxxx - (218) 726 8844
University of Minnesota Duluth
Information Technology Systems & Services
PGP key 1024D/84E22DA2 2005-11-07
Fingerprint: 78F9 18B3 EF58 56F5 FC85 C5CA 53E7 887F 84E2 2DA2

He is not a fool who gives up what he cannot keep to gain what he cannot
lose.
-Jim Elliot
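
Added example (not part of the original message): a simplified Python model of rule traversal within one table, showing the effect of the terminal ACCEPT at the end of the AF31 chain. The second FORWARD rule (DSCP cs1), the packet fields and the function names are constructed for illustration.

```python
# Simplified model: one table, rules are (match, target, arg) tuples.
# Assumption: only the targets named in the thread are modelled.
TERMINAL = {"ACCEPT", "DROP", "REJECT"}   # a verdict ends traversal of the table

def traverse(chains, start, packet, policy="ACCEPT"):
    """Return (verdict, trace) for a packet entering built-in chain `start`."""
    trace = []

    def walk(name):
        for match, target, arg in chains[name]:
            if not match(packet):
                continue
            trace.append((name, target))
            if target in TERMINAL:
                return target              # stop here, no later rule is evaluated
            if target == "RETURN":
                return None                # go back to the calling chain
            if target == "DSCP":
                packet["dscp"] = arg       # non-terminal: modify, then continue
            elif target in chains:         # jump to a user-defined chain
                verdict = walk(target)
                if verdict:
                    return verdict
            # LOG and other non-terminal targets fall through to the next rule
        return None                        # end of chain reached

    return walk(start) or policy, trace

# "-o net+ -p tcp --dport 25": "+" matches any interface name starting with "net"
smtp = lambda p: p["out"].startswith("net") and p["proto"] == "tcp" and p["dport"] == 25
anything = lambda p: True

def ruleset(with_accept):
    af31 = [(anything, "DSCP", "af31")]
    if with_accept:
        af31.append((anything, "ACCEPT", None))
    return {
        "AF31": af31,
        "FORWARD": [(smtp, "AF31", None),
                    (anything, "DSCP", "cs1")],   # constructed later rule
    }

def demo(with_accept):
    pkt = {"out": "net0", "proto": "tcp", "dport": 25, "dscp": None}  # constructed packet
    verdict, trace = traverse(ruleset(with_accept), "FORWARD", pkt)
    return pkt["dscp"], verdict, trace

if __name__ == "__main__":
    for flag in (True, False):
        print("ACCEPT in AF31:", flag, "->", demo(flag))
```

With the ACCEPT rule the packet leaves the table marked af31; without it, traversal returns to FORWARD and the later rule overwrites the marking.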