On Monday 08 July 2002 11:34 pm, George Vieira wrote:

> You could put a RETURN at the end too couldn't you, so it'll return back to
> the chain it came from and then end up with the original chain's DEFAULT
> policy... no?

Not much point putting a RETURN at the end of a chain, because that's what
it's going to do anyway when it falls off the end.

Antony.

> -----Original Message-----
> From: Antony Stone [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, 09 July 2002 2:57 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Why are default policies not possible for user-defined
> chains?
>
> On Monday 08 July 2002 5:32 pm, Jan Humme wrote:
> > What is the reason that iptables does not support default policies on
> > user-chains?
>
> I suppose it's partly because there's not a lot of point (that I can see).
>
> You can only call a user-defined chain from one of the built-in chains (or
> from another user-defined chain, which has to be called from a built-in
> chain, etc...) therefore ultimately it's the default policy of the built-in
> chain which determines what happens to a packet if none of the rules match.
>
> > It seems like such a natural extension, and easy to implement. Or not? Is
> > there perhaps a catch that I am overlooking?
>
> It's easy enough to put a DROP, or ACCEPT, or whatever, as the last rule in
> your user-defined chain, thereby catching any packets which haven't already
> matched.....
>
> Antony.
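
A small Python model of the chain traversal discussed in this thread, added here as an illustration; it is not code from the posters or from the netfilter project. The chain name `svc`, the port-22 match and the sample packets are constructed, and only ACCEPT, DROP, RETURN and jumps to user-defined chains are modelled.

```python
# Simplified model of iptables filter-table traversal (illustration only).
TERMINAL = {"ACCEPT", "DROP"}

def traverse(chains, policies, builtin, packet):
    """Return the verdict for `packet` entering built-in chain `builtin`.

    chains:   {name: [(match_fn, target), ...]}; target is ACCEPT, DROP,
              RETURN, or the name of a user-defined chain.
    policies: {builtin_name: verdict}; only built-in chains have a policy.
    """
    def walk(name):
        for match, target in chains[name]:
            if not match(packet):
                continue
            if target in TERMINAL:
                return target          # verdict reached, traversal stops
            if target == "RETURN":
                return None            # hand control back to the caller
            verdict = walk(target)     # jump into a user-defined chain
            if verdict is not None:
                return verdict
            # the called chain returned or fell off its end:
            # carry on with the next rule of the calling chain
        return None                    # fell off the end: same as RETURN

    verdict = walk(builtin)
    # Nothing matched anywhere: the built-in chain's policy decides.
    return verdict if verdict is not None else policies[builtin]

# Constructed matches and packets.
any_pkt = lambda p: True
is_ssh = lambda p: p.get("dport") == 22

def verdicts(tail, policy):
    """INPUT jumps to user chain 'svc'; `tail` is appended as svc's last rule(s)."""
    chains = {
        "INPUT": [(any_pkt, "svc")],
        "svc": [(is_ssh, "ACCEPT")] + tail,
    }
    pkts = [{"dport": 22}, {"dport": 8080}]
    return [traverse(chains, {"INPUT": policy}, "INPUT", p) for p in pkts]

if __name__ == "__main__":
    print("no tail rule,   INPUT policy DROP  :", verdicts([], "DROP"))
    print("RETURN as tail, INPUT policy DROP  :", verdicts([(any_pkt, "RETURN")], "DROP"))
    print("DROP as tail,   INPUT policy ACCEPT:", verdicts([(any_pkt, "DROP")], "ACCEPT"))
```

The first two cases give identical verdicts, and the third shows a catch-all last rule deciding the packet's fate independently of the INPUT policy.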
