[Fwd: Re: questions about chain traversal, new ascii diagram]

[Fwd: Re: questions about chain traversal, new ascii diagram]

[Lopsch]

[-- Attachment #1.1: Type: text/plain, Size: 1225 bytes --]

Curby . schrieb:
> ----Original Message Follows----
>
>> http://joerg.fruehbrodt.bei.t-online.de/pics/abb3_netfilter_ablaufdiagramm.jpg
>>
>>
>> What about the mangle decisions, do you also want to include them :D?
>
>
> It looks reasonable, but if this is true then the article I mentioned
> was wrong.  Perhaps there should be a disclaimer by the link on the
> netfilter documentation page?
>
> Does anyone know the answers to my other questions? Specifically, is it
> due to style or technical reasons that people don't filter traffic in
> PREROUTING, and instead put the same rules in both FORWARD and INPUT?
>
> I think you were probably just being facetious, but I wouldn't mind
> knowing when the mangle chains come into play.  If we have to jump to
> them explicitly though, then I'll just RTFM. =)
>
> Thanks again!
>
> --Curby
>
>
>
They are traversed before the other ones e.g.

PREROUTING mangle -> PREROUTING nat -> FORWARD mangle -> FORWARD filter
-> POSTROUTING mangle -> POSTROUTING nat

PREROUTING mangle -> PREROUTING nat -> INPUT mangle -> INPUT FILTER ->
local process

local process -> OUTPUT mangle -> OUTPUT nat -> OUTPUT filter ->
POSTROUTING mangle -> POSTROUTING nat

Greets

--

PGP-ID 0xF8EAF138


[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 851 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 832 bytes --]