How is the Match Order determined in NetFilter / IPTables. When match modules such as hashlimit where the act of matching alters an internal datastructure and other match modules are combined the order can be very important. iptables -A INPUT -m statistic --mode nth --every 2 --packet 1 -m hashlimit --hashlimit-above 200/s .... With the modules executed in the order statistic, hashlimit the hashlimit should only get updated 50% of the time. Executed the other way the hashlimit is always updated. Regards, Mathew -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
