Re: Policy targets... - Gáspár Lajos

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Gáspár Lajos" <swifty@freemail.hu>
To: Petr Pisar <xpisar@fi.muni.cz>
Cc: netfilter@lists.netfilter.org
Subject: Re: Policy targets...
Date: Mon, 21 May 2007 18:13:01 +0200	[thread overview]
Message-ID: <4651C50D.7080605@freemail.hu> (raw)
In-Reply-To: <slrnf4j5ek.ic3.xpisar@album.ics.muni.cz>

Hi!

Petr Pisar írta:
> On 2007-05-11, G?sp?r Lajos <swifty@freemail.hu> wrote:
>   
>> Hi all,
>>
>> I was reading the iptables manual because I needed the correct arguments 
>> of the policy (-P) command.
>> Here it is:
>>
>>        -P, --policy chain target
>>               Set the policy for the chain to the given target.  See the 
>> section TARGETS for the legal targets.  Only built-in (non-user-defined) 
>> chains can
>>               have policies, and neither built-in nor user-defined 
>> chains can be policy targets.
>>
>> So I checked the TARGETS.
>>
>> TARGETS
>>        A  firewall rule specifies criteria for a packet, and a target.  
>> If the packet does not match, the next rule in the chain is the 
>> examined; if it does
>>        match, then the next rule is specified by the value of the 
>> target, which can be the name of a user-defined chain or one of the 
>> special values ACCEPT,
>>        DROP, QUEUE, or RETURN.
>>
>> My question is: What is the difference between the ACCEPT and the RETURN 
>> target in policy ??? :D
>>
>>     
> I think this is missunderstadning in man page. If you read the TARGETS
> section carefully you could see here is nothing about policy even if -P
> paragraph referres to it.
>   
Okay. That is right. There is nothing about policy in TARGETS section. 
But there is no "POLICYTARGETS" section! :D
> My opinion is ACCEPT and DROP only are valid policies. I don't know
> where I have this idea from but I'm pretty sure that other targets have
> not sense in policy context.
>
> -- Petr
I agree! I was just curious. :D

Swifty

     prev parent reply	other threads:[~2007-05-21 16:13 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-05-11 10:14 Policy targets Gáspár Lajos
2007-05-11 10:21 ` Pedro Gonçalves
2007-05-11 10:34   ` Gáspár Lajos
     [not found]     ` <46444B26.6010206@gmail.com>
2007-05-11 11:03       ` Gáspár Lajos
     [not found]         ` <46488357.90209@vlsmaps.com>
2007-05-15  9:03           ` Gáspár Lajos
2007-05-15 11:13 ` Petr Pisar
2007-05-21 16:13   ` Gáspár Lajos [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4651C50D.7080605@freemail.hu \
    --to=swifty@freemail.hu \
    --cc=netfilter@lists.netfilter.org \
    --cc=xpisar@fi.muni.cz \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.