On Friday 2011-08-26 23:16, Christian Benvenuti (benve) wrote: >> >> Yes, I can filter at the FORWARD and the OUTPUT chain... But why can't >> I >> at the POSTROUTING??? > >By adding filtering support to the POSTROUTING hook you only get one >benefit: > > Rules that apply to both locally generated traffic (OUTPUT) > and forwarded traffic (FORWARD) do not need to be duplicated. > >Right? Yeah, and the rule duplication can be solved by jumping to a shared user-defined chain from both OUTPUT and FORWARD. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
