On Tue, Mar 23, 2010 at 9:41 PM, ratheesh k <ratheesh.ksz@xxxxxxxxx> wrote: > I have a rule > > R1------> iptables -A FORWARD -j ACCEPT - > > After applying the above rule , i executed the below program > > > ******************************************************************************************************** > /* copied from http://sts.synflood.de/dump/doc/p61-0x0d_Hacking_the_Linux_Kernel_Network_Stack.txt > */ > > > /* Initialisation routine */ > int init_module() > { > /* Fill in our hook structure */ > nfho.hook = hook_func; > /* Handler function */ > nfho.hooknum = NF_IP_PRE_ROUTING; /* First for IPv4 */ > nfho.pf = PF_INET; > nfho.priority = NF_IP_PRI_FIRST; /* Make our func first */ > > nf_register_hook(&nfho); > > return 0; > } > > /* This is the hook function itself */ > unsigned int hook_func(unsigned int hooknum, > struct sk_buff **skb, > const struct net_device *in, > const struct net_device *out, > int (*okfn)(struct sk_buff *)) > { > return NF_DROP; /* Drop ALL packets */ > } > > ****************************************************************************************************************************** > I executed below rule - R2 . > > R2 --- > iptables -I FORWARD -j REJECT . > > > Question : to which target is chosen ( DROP or REJECT or ACCEPT ) . { > order of hook function ?? } > > Thanks, > RAtheesh There is a mistake in the question . Hook is NF_IP_FORWARD . Thanks, Ratheesh -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
