From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andy Furniss <lists@andyfurniss.entadsl.com>
Date: Tue, 29 Aug 2006 12:54:58 +0000
Subject: Re: [LARTC] IMQ action
Message-Id: <44F43922.7070201@andyfurniss.entadsl.com>
List-Id: <lartc.vger.kernel.org>
References: <44EFDF65.3030709@vsu.by>
In-Reply-To: <44EFDF65.3030709@vsu.by>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Nikolay Nikolaev wrote:
> Hi.
> -j IMQ is equal -j ACCEPT...? i mean it after -j IMQ packet don't return 
> in parent chain??? cause -j ACCEPT action accept the packet in the child 
> chain and don't return it to parent...
> example:
> 
> ipt="iptables -t mangle"
> 
> $ipt -N HTTP
> $ipt -A HTTP -j IMQ // after this packet packets go to -t nat tables? 
> or             // it return to parent chain (PREROUTING) in mangle?
> 
> $ipt -N OTHER
> $ipt -A OTHER -j IMQ
> 
> $ipt -A PREROUTING [expression] -j HTTP
> $ipt -A PREROUTING -j OTHER
> 
> all this I do for ingress traffic.
> thx.

I don't think -j IMQ is terminating as an iptables rule.

Whether it sees packets before / after (de)nat in prerouting depends on 
the kernel config options and gets logged for 2.6s. For 2.4s there is a 
patch to make it hook after nat.

Andy.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc