ѽ҉ᶬḳ℠ <vtol@xxxxxxx> wrote:
> Having deployed family tables:
>
> * inet
> * ip
> * ip6
>
> and to my understanding the _base chain definitions_, hook priority and
> policy, are only applicable to chains within the same family table but are
> mutually exclusive between the different family tables I am struggling to
> comprehend as to the order of packet processing among the aforementioned
> family tables:
>
> * which family table the packet is processed through first/last - inet or ip
> | ip6?

None. Ordering is by prio, not by family.
In ip vs ip6 case it's even irrelevant because an ipv4 packet will never
travel any of the ip6 base chains, ever (and vice versa).

> * if the hook priority in the base chains of each family is the same but
> different policies being applied how would such conflict, inet vs. ip | ip6,
> resolve?

Implementation defined, right now it's 'last added'.
But result is the same, if verdict is "drop", packet is discarded and
evaluation ends.

Just like with iptables: if you drop in mangle input, filter table won't
even get a chance to see the packet.

> As far as I comprehend jump | goto works with chains in the same family
> table but it is not possible to jump | goto from the inet table to ip | ip6
> or vice versa, or is it?

It's not, each table is a distinct entity.
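
An added illustration of the ordering discussed in this thread, not part of the original messages: a ruleset with ip, ip6 and inet tables hooked on input. Table names, chain names, priorities and the documentation-range addresses are constructed for the example.

```nftables
# Constructed example ruleset; all names and addresses are illustrative.
# Base chains on the same hook run in ascending priority order,
# regardless of which family table they belong to.

table ip early_v4 {
    chain input {
        # priority -10: evaluated before the inet chain below, IPv4 packets only
        type filter hook input priority -10; policy accept;
        # drop is final: no later base chain sees this packet
        ip saddr 198.51.100.0/24 counter drop
    }
}

table ip6 early_v6 {
    chain input {
        # IPv6 packets only; an IPv4 packet never traverses this chain
        type filter hook input priority -10; policy accept;
        ip6 saddr 2001:db8:bad::/48 counter drop
    }
}

table inet main {
    chain input {
        # priority 0: sees IPv4 and IPv6 packets that the earlier chains
        # accepted; an accept there only ends that chain, not the hook
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iif "lo" accept
        # jump target must be a chain in this same table
        tcp dport 22 jump ssh_in
    }

    chain ssh_in {
        ip saddr 192.0.2.0/24 accept
        ip6 saddr 2001:db8:1::/64 accept
    }
}
```

Running `nft -c -f` on the file parses the ruleset without applying it.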