Iptables
Bradley J. Bartram
bradbartram at ccsisp.com
Mon Aug 11 12:35:40 EDT 2003
The first one reached is the first one matched. That's the reason your
generic deny or allow is normally the final chain.
brad
On Monday 11 August 2003 12:21 pm, Ray Cherry wrote:
> Does anyone know what happens.. if a packet would...
> could technically match 2 different chains.... and
> having a different outcome on each....
>
> for instance
> -A some_chain -d 192.168.1.0/24 -p tcp -m multiport
> "some ports"
>
> -A some_other_chain -o -dport "#" -j accept
>
> if the dport "#" is not listed in the "some ports", what
> will happen to a packet destined for the internal network but
> is not listed in "some ports"
>
> For organizational purposes I have decided not to
> simply add dport "#" to the "some ports"
>
> Ray
More information about the nflug
mailing list
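
Added example (not part of the original thread): a small Python model of how iptables walks chains in order, applied to the scenario in the question. The ACCEPT target on some_chain, the jump order in FORWARD, the final generic DROP, and the port numbers 80, 443 and 8080 are assumptions made for illustration.

```python
import ipaddress

TERMINAL = {"ACCEPT", "DROP"}

def matches(rule, pkt):
    """A rule matches only if every condition it specifies holds."""
    if "dst" in rule:
        net = ipaddress.ip_network(rule["dst"])
        if ipaddress.ip_address(pkt["dst"]) not in net:
            return False
    if "proto" in rule and pkt["proto"] != rule["proto"]:
        return False
    if "dports" in rule and pkt["dport"] not in rule["dports"]:
        return False
    return True

def traverse(chains, name, pkt):
    """Walk one chain in order; return (verdict, chain) or None to fall through."""
    for rule in chains[name]:
        if not matches(rule, pkt):
            continue
        target = rule["target"]
        if target in TERMINAL:
            return target, name              # first terminating match wins
        if target == "RETURN":
            return None
        result = traverse(chains, target, pkt)   # jump into a user chain
        if result is not None:
            return result
        # user chain had no terminating match: resume after the jump
    return None

def verdict(chains, pkt, builtin="FORWARD", policy="ACCEPT"):
    """Chain policy applies only when no rule gave a terminating verdict."""
    return traverse(chains, builtin, pkt) or (policy, "policy")

def build(generic_drop_first=False):
    # Constructed ruleset; ports 80, 443 and 8080 are sample values.
    jumps = [{"target": "some_chain"}, {"target": "some_other_chain"}]
    drop = [{"target": "DROP"}]              # the generic deny
    return {
        "FORWARD": drop + jumps if generic_drop_first else jumps + drop,
        "some_chain": [{"dst": "192.168.1.0/24", "proto": "tcp",
                        "dports": {80, 443}, "target": "ACCEPT"}],
        "some_other_chain": [{"proto": "tcp", "dports": {8080},
                              "target": "ACCEPT"}],
    }

def pkt(dport):
    return {"dst": "192.168.1.10", "proto": "tcp", "dport": dport}
```

With the generic DROP last, a packet to port 8080 falls through some_chain and is accepted by some_other_chain; with `build(generic_drop_first=True)` the same packet is dropped before either user chain is reached.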