iptables using, goto + jump: what is the RETURN behaviour?iptables rules to block ssh remote forwarded...

What are the steps to solving this definite integral?

If a planet has 3 moons, is it possible to have triple Full/New Moons at once?

Can an Area of Effect spell cast outside a Prismatic Wall extend inside it?

How come there are so many candidates for the 2020 Democratic party presidential nomination?

Elements other than carbon that can form many different compounds by bonding to themselves?

Pre-plastic human skin alternative

Is Diceware more secure than a long passphrase?

Do I have an "anti-research" personality?

A Note on N!

Does a large simulator bay have standard public address announcements?

Extension of 2-adic valuation to the real numbers

How to stop co-workers from teasing me because I know Russian?

What happened to Captain America in Endgame?

Aliens crash on Earth and go into stasis to wait for technology to fix their ship

How to have a sharp product image?

What does ゆーか mean?

How to display Aura JS Errors Lightning Out

What is the philosophical significance of speech acts/implicature?

Re-entry to Germany after vacation using blue card

How to limit Drive Letters Windows assigns to new removable USB drives

How can Republicans who favour free markets, consistently express anger when they don't like the outcome of that choice?

On The Origin of Dissonant Chords

Function pointer with named arguments?

Dynamic SOQL query relationship with field visibility for Users

iptables using, goto + jump: what is the RETURN behaviour?

iptables rules to block ssh remote forwarded portsFsockOpen problem with Iptables inside OpenVZ VMiptables - quick safety eval & limit max conns over timeWhy does a valid set of iptables rules slow my server to a crawl?Trying to make iptables stateless is causing unforeseen filteringIPtables on Linux for mysql server private interfaceConfiguring iptables on dd-wrt routeriptables: How does DROP policy is working with custom chainblocked ips not showing up in iptables chainsIPtables blocking SSH only if using conntrack

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}

I'm trying to work out what is the iptables behaviour when you have multiple custom chains and you sue a mix between -goto and -jump

Example:

INPUT

iptables -A INPUT -i eth1 -j CUSTOM-A



CUSTOM-A

few commands here...

iptables -A CUSTOM-A -i eth1 -p tcp -dport 80 -g CUSTOM-B

few optional commands here...

iptables -A CUSTOM-A -i eth1 -s 0/0 -g CUSTOM-B



CUSTOM-B

iptables -A CUSTOM-B few commands here... -j CUSTOM-C

iptables -A CUSTOM-B few commands here... -j CUSTOM-C

iptables -A CUSTOM-B few commands here... -j CUSTOM-C

iptables -A CUSTOM-B -i eth1 -s 0/0 -j RETURN



CUSTOM-C

iptables -A CUSTOM-C -s 0/0 -j LOG

iptables -A CUSTOM-C -s 0/0 -j DROP

With the above scenario packets matched on CUSTOM-A tcp/80 will go to CUSTOM-B and if they reach the bottom of the table they would RETURN. Is the RETURN actually returning the packet to INPUT since the packet got there via a goto?

edited 17 mins ago

Michael Hampton♦

176k27321651

asked Mar 14 '15 at 20:41

user3018558

4316

add a comment |

I'm trying to work out what is the iptables behaviour when you have multiple custom chains and you sue a mix between -goto and -jump

Example:

INPUT

iptables -A INPUT -i eth1 -j CUSTOM-A



CUSTOM-A

few commands here...

iptables -A CUSTOM-A -i eth1 -p tcp -dport 80 -g CUSTOM-B

few optional commands here...

iptables -A CUSTOM-A -i eth1 -s 0/0 -g CUSTOM-B



CUSTOM-B

iptables -A CUSTOM-B few commands here... -j CUSTOM-C

iptables -A CUSTOM-B few commands here... -j CUSTOM-C

iptables -A CUSTOM-B few commands here... -j CUSTOM-C

iptables -A CUSTOM-B -i eth1 -s 0/0 -j RETURN



CUSTOM-C

iptables -A CUSTOM-C -s 0/0 -j LOG

iptables -A CUSTOM-C -s 0/0 -j DROP

edited 17 mins ago

Michael Hampton♦

176k27321651

asked Mar 14 '15 at 20:41

user3018558

4316

add a comment |

I'm trying to work out what is the iptables behaviour when you have multiple custom chains and you sue a mix between -goto and -jump

Example:

INPUT

iptables -A INPUT -i eth1 -j CUSTOM-A



CUSTOM-A

few commands here...

iptables -A CUSTOM-A -i eth1 -p tcp -dport 80 -g CUSTOM-B

few optional commands here...

iptables -A CUSTOM-A -i eth1 -s 0/0 -g CUSTOM-B



CUSTOM-B

iptables -A CUSTOM-B few commands here... -j CUSTOM-C

iptables -A CUSTOM-B few commands here... -j CUSTOM-C

iptables -A CUSTOM-B few commands here... -j CUSTOM-C

iptables -A CUSTOM-B -i eth1 -s 0/0 -j RETURN



CUSTOM-C

iptables -A CUSTOM-C -s 0/0 -j LOG

iptables -A CUSTOM-C -s 0/0 -j DROP

edited 17 mins ago

Michael Hampton♦

176k27321651

asked Mar 14 '15 at 20:41

user3018558

4316

I'm trying to work out what is the iptables behaviour when you have multiple custom chains and you sue a mix between -goto and -jump

Example:

INPUT

iptables -A INPUT -i eth1 -j CUSTOM-A



CUSTOM-A

few commands here...

iptables -A CUSTOM-A -i eth1 -p tcp -dport 80 -g CUSTOM-B

few optional commands here...

iptables -A CUSTOM-A -i eth1 -s 0/0 -g CUSTOM-B



CUSTOM-B

iptables -A CUSTOM-B few commands here... -j CUSTOM-C

iptables -A CUSTOM-B few commands here... -j CUSTOM-C

iptables -A CUSTOM-B few commands here... -j CUSTOM-C

iptables -A CUSTOM-B -i eth1 -s 0/0 -j RETURN



CUSTOM-C

iptables -A CUSTOM-C -s 0/0 -j LOG

iptables -A CUSTOM-C -s 0/0 -j DROP

iptables

edited 17 mins ago

Michael Hampton♦

176k27321651

asked Mar 14 '15 at 20:41

user3018558

4316

edited 17 mins ago

Michael Hampton♦

176k27321651

asked Mar 14 '15 at 20:41

user3018558

4316

edited 17 mins ago

Michael Hampton♦

176k27321651

edited 17 mins ago

Michael Hampton♦

176k27321651

edited 17 mins ago

Michael Hampton♦

176k27321651

asked Mar 14 '15 at 20:41

user3018558

4316

asked Mar 14 '15 at 20:41

user3018558

4316

asked Mar 14 '15 at 20:41

user3018558

4316

add a comment |

1 Answer
1

active

oldest

votes

Is the RETURN actually returning the packet to INPUT since the packet got there via a goto?

This is what the man page says...

-g, --goto chain
This specifies that the processing should continue in a user specified chain. Unlike the --jump option return will not continue processing in this chain but instead in the chain that called us via --jump.

So I would expect the return to be to the INPUT chain.

answered Mar 14 '15 at 20:47

Iain

105k14165258

add a comment |

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});

}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f675559%2fiptables-using-goto-jump-what-is-the-return-behaviour%23new-answer', 'question_page');
}
);

Post as a guest

Name

Required, but never shown

1 Answer
1

active

oldest

votes

1 Answer
1

active

oldest

votes

Is the RETURN actually returning the packet to INPUT since the packet got there via a goto?

This is what the man page says...

-g, --goto chain
This specifies that the processing should continue in a user specified chain. Unlike the --jump option return will not continue processing in this chain but instead in the chain that called us via --jump.

So I would expect the return to be to the INPUT chain.

answered Mar 14 '15 at 20:47

Iain

105k14165258

add a comment |

Is the RETURN actually returning the packet to INPUT since the packet got there via a goto?

This is what the man page says...

-g, --goto chain
This specifies that the processing should continue in a user specified chain. Unlike the --jump option return will not continue processing in this chain but instead in the chain that called us via --jump.

So I would expect the return to be to the INPUT chain.

answered Mar 14 '15 at 20:47

Iain

105k14165258

add a comment |

Is the RETURN actually returning the packet to INPUT since the packet got there via a goto?

This is what the man page says...

-g, --goto chain
This specifies that the processing should continue in a user specified chain. Unlike the --jump option return will not continue processing in this chain but instead in the chain that called us via --jump.

So I would expect the return to be to the INPUT chain.

answered Mar 14 '15 at 20:47

Iain

105k14165258

Is the RETURN actually returning the packet to INPUT since the packet got there via a goto?

This is what the man page says...

-g, --goto chain
This specifies that the processing should continue in a user specified chain. Unlike the --jump option return will not continue processing in this chain but instead in the chain that called us via --jump.

So I would expect the return to be to the INPUT chain.

answered Mar 14 '15 at 20:47

Iain

105k14165258

answered Mar 14 '15 at 20:47

Iain

105k14165258

answered Mar 14 '15 at 20:47

Iain

105k14165258

answered Mar 14 '15 at 20:47

Iain

105k14165258

add a comment |

draft saved

draft discarded

Thanks for contributing an answer to Server Fault!

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

搜尋此網誌

Ryfujk