Syntax: > bash-2.05a# iptables -t mangle -I OUTPUT -j LOG --log-prefix-OutMangle should be --log-prefix=OutMangle ----- Original Message ----- From: "Ben" <[EMAIL PROTECTED]> To: "Antony Stone" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, June 20, 2002 4:14 PM Subject: Re: mangle table traversal
> Interestingly, iptables 1.2.6a won't let me attach a LOG target to any of > the output chains. I get this: > > bash-2.05a# iptables -t mangle -I OUTPUT -j LOG --log-prefix-OutMangle > iptables v1.2.6a: Unknown arg `--log-prefix-OutMangle' > > Is that expected behavior, and if so, why? > > On Thu, 20 Jun 2002, Antony Stone wrote: > > > On Thursday 20 June 2002 9:16 pm, Shinju wrote: > > > > > Hey folks. > > > > > > Do packets always traverse the chain in the 'mangle' table before they > > > traverse the corresponding chain in other tables? In other words, is this > > > flow correct?... > > > > > > ...manglePREROUTING --> natPREROUTING... > > > ...mangleINPUT --> filterINPUT... > > > ...mangleOUTPUT --> natOUTPUT --> filterOUTPUT... > > > ...mangleFORWARD --> filterFORWARD... > > > ...manglePOSTROUTING --> natPOSTROUTING... > > > > You can eaily check this for yourself by putting a LOG target as the first > > rule into every chain. eg: > > > > iptables -t mangle -I PREROUTING -j LOG --log-prefix=PreMangle > > iptables -t mangle -I INPUT -j LOG --log-prefix=InMangle > > iptables -t mangle -I FORWARD -j LOG --log-prefix=ForMangle > > iptables -t mangle -I POSTROUTING -j LOG --log-prefix=PostMangle > > iptables -t mangle -I OUTPUT -j LOG --log-prefix-OutMangle > > iptables -t filter -I PREROUTING -j LOG --log-prefix=PreFilt > > iptables -t filter -I INPUT -j LOG --log-prefix=InFilt > > iptables -t filter -I FORWARD -j LOG --log-prefix=ForFilt > > iptables -t filter -I POSTROUTING -j LOG --log-prefix=PostFilt > > iptables -t filter -I OUTPUT -j LOG --log-prefix-OutFilt > > iptables -t nat -I PREROUTING -j LOG --log-prefix=PreNat > > iptables -t nat -I POSTROUTING -j LOG --log-prefix=PostNat > > iptables -t nat -I OUTPUT -j LOG --log-prefix-OutNat > > > > Then just send somepackets through the machine and look at the log file to > > see what order they went through the chains/tables. > > > > > > > > Antony. > > > > >
