On Thursday, February 28, 2013 01:26:52 AM Donghua Liu wrote:
> Hi,
>
> Say if I set a netfilter rule by "iptables -t nat -A custom_chain -p
> tcp --dport 80 -j DNAT --to-destination 127.0.0.1:1234" for some
> requirement.
>
> I also have a LKM which will check the availability of service
> "127.0.0.1:1234" and how can I cancel the rule's operation (Do NOT
> delete this rule), let the packet go as usual, ignoring the nat.

Assuming '-j RETURN' is valid, put the rule in chain 'custchainNAT' by
itself and add a jump to that chain from custom_chain. To disable the
nat, insert (via -I 1) a '-j RETURN' rule in 'custchainNAT' before the
NAT rule. To re-enable it, delete the RETURN rule.
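
The toggle described in the reply, as an added shell example that is not part of the original message. The chain names and the DNAT rule come from the thread; the `IPT` variable, the function names and the `-C` existence checks (which keep repeated calls from stacking RETURN rules) are assumptions of this example.

```shell
#!/bin/sh
# Added example: switch a DNAT rule off and on without deleting it,
# by guarding it with a RETURN rule inside a dedicated chain.
IPT="${IPT:-iptables}"     # assumption: override to use a wrapper
PARENT=custom_chain        # chain from the original question
GUARDED=custchainNAT       # dedicated chain suggested in the reply

# One-time setup: create the dedicated chain, put the DNAT rule in it,
# and jump to it from the parent chain (each step skipped if present).
nat_setup() {
    $IPT -t nat -N "$GUARDED" 2>/dev/null || true
    $IPT -t nat -C "$GUARDED" -p tcp --dport 80 -j DNAT \
        --to-destination 127.0.0.1:1234 2>/dev/null ||
    $IPT -t nat -A "$GUARDED" -p tcp --dport 80 -j DNAT \
        --to-destination 127.0.0.1:1234
    $IPT -t nat -C "$PARENT" -j "$GUARDED" 2>/dev/null ||
    $IPT -t nat -A "$PARENT" -j "$GUARDED"
}

# Disable: a RETURN at position 1 matches before the DNAT rule, so the
# packet goes back to the parent chain untranslated.
nat_disable() {
    $IPT -t nat -C "$GUARDED" -j RETURN 2>/dev/null ||
    $IPT -t nat -I "$GUARDED" 1 -j RETURN
}

# Re-enable: delete every RETURN guard, in case more than one exists.
nat_enable() {
    while $IPT -t nat -C "$GUARDED" -j RETURN 2>/dev/null; do
        $IPT -t nat -D "$GUARDED" -j RETURN || return 1
    done
}

# Report the current state so a health check can log what it did.
nat_state() {
    if $IPT -t nat -C "$GUARDED" -j RETURN 2>/dev/null; then
        echo disabled
    else
        echo enabled
    fi
}
```

NAT rules are consulted only for the first packet of a connection, so toggling the guard affects new connections; established ones keep the translation they already have.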