Hi Harald, On Fri, Jul 05, 2002 at 04:21:27PM +0200, Harald Welte wrote: > > > You could just add a boolean field 'terminating' to the iptables_target. > > Then, make sure iptables abort and complains if it sees more than one > > terminating target being requested in a single rule. > > no, it's not about how to distinguish it internally. It was more like: > How does the user know which targets terminate and which don't [just by > looking at the name or it's usage]
Random notice: the same question waits for the user who wants to understand the action of some "previous user defined chain" he just sees. Does that user defined chain terminate in any case? My point? iptables rulesets tend to become sufficiently complex in a short time so that "vague inspection" won't make a given ruleset easily understandable. IMHO that's a tribute to the flexibility we have with iptables. Engage brain before making modifications. have a nice weekend Patrick
