I added this rule:

    iptables -t nat -A INPUT -p icmp -j LOG

Then when I ping localhost, nothing is logged. If I add the same rule to
nat POSTROUTING, then the packet is logged, implying that nat
POSTROUTING is being traversed for locally-destined locally-generated
packets rather than nat INPUT.

This is not what I would have expected from the documentation.

I tried the same thing with the same chains in the mangle table and in
that case POSTROUTING and INPUT are *both* traversed for local-to-local
packets.

Is this (including the inconsistency between nat and mangle) the
intended behavior for some reason or is it a bug?