Re: Policy targets... - Pedro Gonçalves

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Pedro Gonçalves" <pedro.pandre@gmail.com>
To: "Gáspár Lajos" <swifty@freemail.hu>
Cc: Netfilter IPtableMailinglist <netfilter@lists.netfilter.org>
Subject: Re: Policy targets...
Date: Fri, 11 May 2007 11:21:34 +0100	[thread overview]
Message-ID: <464443AE.5020904@gmail.com> (raw)
In-Reply-To: <464441F7.3050808@freemail.hu>

Gáspár Lajos wrote:
> Hi all,
>
> I was reading the iptables manual because I needed the correct 
> arguments of the policy (-P) command.
> Here it is:
>
>       -P, --policy chain target
>              Set the policy for the chain to the given target.  See 
> the section TARGETS for the legal targets.  Only built-in 
> (non-user-defined) chains can
>              have policies, and neither built-in nor user-defined 
> chains can be policy targets.
>
> So I checked the TARGETS.
>
> TARGETS
>       A  firewall rule specifies criteria for a packet, and a target.  
> If the packet does not match, the next rule in the chain is the 
> examined; if it does
>       match, then the next rule is specified by the value of the 
> target, which can be the name of a user-defined chain or one of the 
> special values ACCEPT,
>       DROP, QUEUE, or RETURN.
>
> My question is: What is the difference between the ACCEPT and the 
> RETURN target in policy ??? :D

in http://node1.yo-linux.com/cgi-bin/man2html?cgi_command=iptables :

TARGETS
(...)

*ACCEPT means to let the packet through.*	
DROP means to drop the on the floor.  
QUEUE means to pass the packet to userspace  (if ported  by  the kernel).  
*RETURN means stop traversing this chain and
       resume at the next rule in the previous (calling) chain.	 If  the  end
       of a built-in chain is reached or a rule in a built-in chain with tar-
       get RETURN is matched, the target specified by the chain policy deter-
       mines the fate of the packet.*

Best Regards
pandre

next prev parent reply	other threads:[~2007-05-11 10:21 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-05-11 10:14 Policy targets Gáspár Lajos
2007-05-11 10:21 ` Pedro Gonçalves [this message]
2007-05-11 10:34   ` Gáspár Lajos
     [not found]     ` <46444B26.6010206@gmail.com>
2007-05-11 11:03       ` Gáspár Lajos
     [not found]         ` <46488357.90209@vlsmaps.com>
2007-05-15  9:03           ` Gáspár Lajos
2007-05-15 11:13 ` Petr Pisar
2007-05-21 16:13   ` Gáspár Lajos

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=464443AE.5020904@gmail.com \
    --to=pedro.pandre@gmail.com \
    --cc=netfilter@lists.netfilter.org \
    --cc=swifty@freemail.hu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.