On Wednesday 2010-07-28 03:17, Payam Chychi wrote: >it's much less and actually recommended than running all rules in >default/less chains as each pkt must traverse the entire chain to be >processed Packets need not traverse an entire chain! All of -j ACCEPT, -j DROP, -j RETURN and -g xxx cause an early exit from the current chain in one way or another. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
