I have a rule R1------> iptables -A FORWARD -j ACCEPT - After applying the above rule , i executed the below program ******************************************************************************************************** /* copied from http://sts.synflood.de/dump/doc/p61-0x0d_Hacking_the_Linux_Kernel_Network_Stack.txt */ /* Initialisation routine */ int init_module() { /* Fill in our hook structure */ nfho.hook = hook_func; /* Handler function */ nfho.hooknum = NF_IP_PRE_ROUTING; /* First for IPv4 */ nfho.pf = PF_INET; nfho.priority = NF_IP_PRI_FIRST; /* Make our func first */ nf_register_hook(&nfho); return 0; } /* This is the hook function itself */ unsigned int hook_func(unsigned int hooknum, struct sk_buff **skb, const struct net_device *in, const struct net_device *out, int (*okfn)(struct sk_buff *)) { return NF_DROP; /* Drop ALL packets */ } ****************************************************************************************************************************** I executed below rule - R2 . R2 --- > iptables -I FORWARD -j REJECT . Question : to which target is chosen ( DROP or REJECT or ACCEPT ) . { order of hook function ?? } Thanks, RAtheesh -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
