Ryfujk

What are the steps to solving this definite integral?

If a planet has 3 moons, is it possible to have triple Full/New Moons at once?

Can an Area of Effect spell cast outside a Prismatic Wall extend inside it?

How come there are so many candidates for the 2020 Democratic party presidential nomination?

Elements other than carbon that can form many different compounds by bonding to themselves?

Pre-plastic human skin alternative

Is Diceware more secure than a long passphrase?

Do I have an "anti-research" personality?

A ​Note ​on ​N!

Does a large simulator bay have standard public address announcements?

Extension of 2-adic valuation to the real numbers

How to stop co-workers from teasing me because I know Russian?

What happened to Captain America in Endgame?

Aliens crash on Earth and go into stasis to wait for technology to fix their ship

How to have a sharp product image?

What does ゆーか mean?

How to display Aura JS Errors Lightning Out

What is the philosophical significance of speech acts/implicature?

Re-entry to Germany after vacation using blue card

How to limit Drive Letters Windows assigns to new removable USB drives

How can Republicans who favour free markets, consistently express anger when they don't like the outcome of that choice?

On The Origin of Dissonant Chords

Function pointer with named arguments?

Dynamic SOQL query relationship with field visibility for Users

iptables using, goto + jump: what is the RETURN behaviour?

iptables rules to block ssh remote forwarded portsFsockOpen problem with Iptables inside OpenVZ VMiptables - quick safety eval & limit max conns over timeWhy does a valid set of iptables rules slow my server to a crawl?Trying to make iptables stateless is causing unforeseen filteringIPtables on Linux for mysql server private interfaceConfiguring iptables on dd-wrt routeriptables: How does DROP policy is working with custom chainblocked ips not showing up in iptables chainsIPtables blocking SSH only if using conntrack

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}

2

1

I'm trying to work out what is the iptables behaviour when you have multiple custom chains and you sue a mix between -goto and -jump

Example:

INPUT

iptables -A INPUT -i eth1 -j CUSTOM-A



CUSTOM-A

few commands here...

iptables -A CUSTOM-A -i eth1 -p tcp -dport 80 -g CUSTOM-B

few optional commands here...

iptables -A CUSTOM-A -i eth1 -s 0/0 -g CUSTOM-B



CUSTOM-B

iptables -A CUSTOM-B few commands here... -j CUSTOM-C

iptables -A CUSTOM-B few commands here... -j CUSTOM-C

iptables -A CUSTOM-B few commands here... -j CUSTOM-C

iptables -A CUSTOM-B -i eth1 -s 0/0 -j RETURN



CUSTOM-C

iptables -A CUSTOM-C -s 0/0 -j LOG

iptables -A CUSTOM-C -s 0/0 -j DROP

With the above scenario packets matched on CUSTOM-A tcp/80 will go to CUSTOM-B and if they reach the bottom of the table they would RETURN. Is the RETURN actually returning the packet to INPUT since the packet got there via a goto?

iptables

share|improve this question

edited 17 mins ago

Michael Hampton♦

176k27321651

asked Mar 14 '15 at 20:41

user3018558user3018558

4316

add a comment | 

2

1

I'm trying to work out what is the iptables behaviour when you have multiple custom chains and you sue a mix between -goto and -jump

Example:

INPUT

iptables -A INPUT -i eth1 -j CUSTOM-A



CUSTOM-A

few commands here...

iptables -A CUSTOM-A -i eth1 -p tcp -dport 80 -g CUSTOM-B

few optional commands here...

iptables -A CUSTOM-A -i eth1 -s 0/0 -g CUSTOM-B



CUSTOM-B

iptables -A CUSTOM-B few commands here... -j CUSTOM-C

iptables -A CUSTOM-B few commands here... -j CUSTOM-C

iptables -A CUSTOM-B few commands here... -j CUSTOM-C

iptables -A CUSTOM-B -i eth1 -s 0/0 -j RETURN



CUSTOM-C

iptables -A CUSTOM-C -s 0/0 -j LOG

iptables -A CUSTOM-C -s 0/0 -j DROP

With the above scenario packets matched on CUSTOM-A tcp/80 will go to CUSTOM-B and if they reach the bottom of the table they would RETURN. Is the RETURN actually returning the packet to INPUT since the packet got there via a goto?

iptables

share|improve this question

edited 17 mins ago

Michael Hampton♦

176k27321651

asked Mar 14 '15 at 20:41

user3018558user3018558

4316

add a comment | 

I'm trying to work out what is the iptables behaviour when you have multiple custom chains and you sue a mix between -goto and -jump

Example:

INPUT

iptables -A INPUT -i eth1 -j CUSTOM-A



CUSTOM-A

few commands here...

iptables -A CUSTOM-A -i eth1 -p tcp -dport 80 -g CUSTOM-B

few optional commands here...

iptables -A CUSTOM-A -i eth1 -s 0/0 -g CUSTOM-B



CUSTOM-B

iptables -A CUSTOM-B few commands here... -j CUSTOM-C

iptables -A CUSTOM-B few commands here... -j CUSTOM-C

iptables -A CUSTOM-B few commands here... -j CUSTOM-C

iptables -A CUSTOM-B -i eth1 -s 0/0 -j RETURN



CUSTOM-C

iptables -A CUSTOM-C -s 0/0 -j LOG

iptables -A CUSTOM-C -s 0/0 -j DROP

With the above scenario packets matched on CUSTOM-A tcp/80 will go to CUSTOM-B and if they reach the bottom of the table they would RETURN. Is the RETURN actually returning the packet to INPUT since the packet got there via a goto?

iptables

share|improve this question

edited 17 mins ago

Michael Hampton♦

176k27321651

asked Mar 14 '15 at 20:41

user3018558user3018558

4316

INPUT

iptables -A INPUT -i eth1 -j CUSTOM-A



CUSTOM-A

few commands here...

iptables -A CUSTOM-A -i eth1 -p tcp -dport 80 -g CUSTOM-B

few optional commands here...

iptables -A CUSTOM-A -i eth1 -s 0/0 -g CUSTOM-B



CUSTOM-B

iptables -A CUSTOM-B few commands here... -j CUSTOM-C

iptables -A CUSTOM-B few commands here... -j CUSTOM-C

iptables -A CUSTOM-B few commands here... -j CUSTOM-C

iptables -A CUSTOM-B -i eth1 -s 0/0 -j RETURN



CUSTOM-C

iptables -A CUSTOM-C -s 0/0 -j LOG

iptables -A CUSTOM-C -s 0/0 -j DROP

share|improve this question

edited 17 mins ago

Michael Hampton♦

176k27321651

asked Mar 14 '15 at 20:41

user3018558user3018558

4316

share|improve this question

edited 17 mins ago

Michael Hampton♦

176k27321651

asked Mar 14 '15 at 20:41

user3018558user3018558

4316

edited 17 mins ago

Michael Hampton♦

176k27321651

edited 17 mins ago

Michael Hampton♦

176k27321651

asked Mar 14 '15 at 20:41

user3018558user3018558

4316

asked Mar 14 '15 at 20:41

user3018558user3018558

4316

1 Answer
1

active

oldest

votes

2

Is the RETURN actually returning the packet to INPUT since the packet got there via a goto?

This is what the man page says...

-g, --goto chain
This specifies that the processing should continue in a user specified chain. Unlike the --jump option return will not continue processing in this chain but instead in the chain that called us via --jump.

So I would expect the return to be to the INPUT chain.

share|improve this answer

answered Mar 14 '15 at 20:47

IainIain

105k14165258

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f675559%2fiptables-using-goto-jump-what-is-the-return-behaviour%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

2

Is the RETURN actually returning the packet to INPUT since the packet got there via a goto?

This is what the man page says...

-g, --goto chain
This specifies that the processing should continue in a user specified chain. Unlike the --jump option return will not continue processing in this chain but instead in the chain that called us via --jump.

So I would expect the return to be to the INPUT chain.

share|improve this answer

answered Mar 14 '15 at 20:47

IainIain

105k14165258

add a comment | 

2

Is the RETURN actually returning the packet to INPUT since the packet got there via a goto?

This is what the man page says...

-g, --goto chain
This specifies that the processing should continue in a user specified chain. Unlike the --jump option return will not continue processing in this chain but instead in the chain that called us via --jump.

So I would expect the return to be to the INPUT chain.

share|improve this answer

answered Mar 14 '15 at 20:47

IainIain

105k14165258

add a comment | 

Is the RETURN actually returning the packet to INPUT since the packet got there via a goto?

This is what the man page says...

-g, --goto chain
This specifies that the processing should continue in a user specified chain. Unlike the --jump option return will not continue processing in this chain but instead in the chain that called us via --jump.

So I would expect the return to be to the INPUT chain.

share|improve this answer

answered Mar 14 '15 at 20:47

IainIain

105k14165258

share|improve this answer

answered Mar 14 '15 at 20:47

IainIain

105k14165258

answered Mar 14 '15 at 20:47

IainIain

105k14165258

answered Mar 14 '15 at 20:47

IainIain

105k14165258