-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 05/17/2017 03:40 AM, Vieri Di Paola wrote: > Hi, > > Regarding my previous post, I was under the assumption that an > ACCEPT rule was terminating. It doesn't seem to be so. So if I > REDIRECT after an ACCEPT, the connection will be redirected. >
ACCEPT *is* terminating, but you need to keep in mind how Netfilter processes packets (http://www.shorewall.org/NetfilterOverview.html). REDIRECT and DNAT occur in the PREROUTING chain of the nat table, while ACCEPT occurs in the INPUT, OUTPUT and FORWARD chains of the filter table. As a consequence, even though a REDIRECT or DNAT rule follows an ACCEPT rule in your rules file, the nat PREROUTING rule will *always* be processed before the ACCEPT rule. - -Tom - -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJZHHfQAAoJEJbms/JCOk0QsacP/12nzImS/b9KuYC6dvIW8JP1 BbW3jYM+z0RQlGVVRR2d/BMIVBA6UZzniPl4PxZ8jS/Txm0osUrub6D9WzgMhXrS i2ttZ0cSeEyXoU9yPEuhwIsbJpwX3++HvZRRQ5OhfAPUyo674y+I9jMms2SUlw/j D780S9ooQDJyVgzNwnAyNIfsPlRALt6nLr7W5bR2aS23pgM9Kcx/CDa3gRQOxYZP YWP5//vP63o3CpjjEqPOjSL8/e9Z8leqR5S69vRBS7vb+F63nIqP3LcPfDXdVoNK n+xq1gZEbhFXee8pH3TIVFf/xeH9WO/CCdUnmcqkA0IFT/UgHG0rrd6o1CCn9q1y YR3vqd7pRv83YorkmVais903hOZdneEj4tzOLXTG8CPJ6dp4V+OjjCn0hD0aN1UX Q4UYB9bqUr3OMLxF4pVHPrsxLWaTdvqvFjPsTa1ThxTiikEItdn6gl1O9ghgA1vL yCZSw3Uvw/uSFFKqSe5aANfvv0Oq2G9atYVxELQqByelqoVMOalEaDbaKOQTYToq mg7PLaJ+z24rydQHNzziACcbx7TZXC+i3JClnpbGtQJH+BhLyxfmkPpkWgo1YYBs P2hl/jFn0igFgFwwz8oI4WDC7TrqLK5lrm0SiXnm3dyI61/L7YWxqJwBhkjzQbzD 53pK3QNGObRSAYMBGuCi =pG/o -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
