Fabio Marcone a écrit :
It is possible (DROP exists in all tables), but should not be done.
I know that drop is only in INPUT, FORWARD and OUTPUT chain...
This is not quite correct. DROP is available in all tables and chains.
However the "orthodoxy" is to do filtering only in the 'filter' table.
Can't you MARK packets in earlier chains (PREROUTING or FORWARD) and
use the mark in POSTROUTING ?
perhaps it is the only solution but I would to recognize packets in
POSTROUTING to send them in a IMQ virtual interface.
What is the problem in using a mark to do this ?
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
