[LARTC] IMQ action

[LARTC] IMQ action

[Nikolay Nikolaev]

Hi.
-j IMQ is equal -j ACCEPT...? i mean it after -j IMQ packet don't return 
in parent chain??? cause -j ACCEPT action accept the packet in the child 
chain and don't return it to parent...
example:

ipt="iptables -t mangle"

$ipt -N HTTP
$ipt -A HTTP -j IMQ // after this packet packets go to -t nat 
tables? or 		    // it return to parent chain (PREROUTING) in mangle?

$ipt -N OTHER
$ipt -A OTHER -j IMQ

$ipt -A PREROUTING [expression] -j HTTP
$ipt -A PREROUTING -j OTHER

all this I do for ingress traffic.
thx.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] IMQ action

[Andy Furniss]

Nikolay Nikolaev wrote:
> Hi.
> -j IMQ is equal -j ACCEPT...? i mean it after -j IMQ packet don't return 
> in parent chain??? cause -j ACCEPT action accept the packet in the child 
> chain and don't return it to parent...
> example:
> 
> ipt="iptables -t mangle"
> 
> $ipt -N HTTP
> $ipt -A HTTP -j IMQ // after this packet packets go to -t nat tables? 
> or             // it return to parent chain (PREROUTING) in mangle?
> 
> $ipt -N OTHER
> $ipt -A OTHER -j IMQ
> 
> $ipt -A PREROUTING [expression] -j HTTP
> $ipt -A PREROUTING -j OTHER
> 
> all this I do for ingress traffic.
> thx.

I don't think -j IMQ is terminating as an iptables rule.

Whether it sees packets before / after (de)nat in prerouting depends on 
the kernel config options and gets logged for 2.6s. For 2.4s there is a 
patch to make it hook after nat.

Andy.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc