iptables: rule with RETURN target just after a rule with ACCEPT target

Discussion in 'Linux Networking' started by Neroku, Apr 25, 2007.

  1. Neroku

    Neroku Guest

    Hi, I've seen in several scripts the following layout:

    iptables criteria -j ACCEPT
    iptables the_same_criteria_as_above -j RETURN

    for example:

    iptables -A INPUT -p tcp -m tcp --dport 100 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 100 -j RETURN

    The last rule will never be matched, because all tcp incoming
    connections will be accepted, and then will go through the next chain.
    So, what is the usefulness of this configuration?

    IMHO, I think it is for changing the scripts in a fast way (just
    commenting out the first line will yield the default policy for the
    INPUT chain)

    TIA
     
    Neroku, Apr 25, 2007
    #1
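
An added example, not part of the original post or of any script it refers to: a small Python lint that flags a rule repeating the criteria of an earlier terminating rule in the same chain, and shows what changes when the first rule is commented out. It assumes filter-table rules written as `iptables -A CHAIN criteria -j TARGET` with the criteria in identical order; the function names and the DROP policy are assumptions made for the illustration.

```python
import shlex

TERMINATING = {"ACCEPT", "DROP", "REJECT", "RETURN"}  # targets that end traversal of the chain

def parse_rule(line):
    """Split 'iptables -A CHAIN criteria -j TARGET' into (chain, criteria, target)."""
    tokens = shlex.split(line)
    if tokens[:1] != ["iptables"] or "-A" not in tokens or "-j" not in tokens:
        raise ValueError(f"unsupported rule: {line!r}")
    a, j = tokens.index("-A"), tokens.index("-j")
    return tokens[a + 1], tuple(tokens[a + 2:j]), tokens[j + 1]

def load(script):
    """Parse a script into (line_no, chain, criteria, target), skipping blanks and '#' comments."""
    rules = []
    for n, line in enumerate(script.splitlines(), 1):
        line = line.strip()
        if line and not line.startswith("#"):
            rules.append((n, *parse_rule(line)))
    return rules

def shadowed(rules):
    """Return (line_no, earlier_line_no) for rules repeating an earlier terminating match."""
    seen, hits = {}, []
    for n, chain, criteria, target in rules:
        key = (chain, criteria)
        if key in seen:
            hits.append((n, seen[key]))
        elif target in TERMINATING:
            seen[key] = n
    return hits

def verdict(rules, chain, criteria, policy):
    """First terminating rule with exactly these criteria wins; RETURN in a built-in chain means policy."""
    for _, c, crit, target in rules:
        if c == chain and crit == criteria and target in TERMINATING:
            return policy if target == "RETURN" else target
    return policy

# Constructed sample: the two rules from the post, then the same script with line 1 commented out.
ORIGINAL = """iptables -A INPUT -p tcp -m tcp --dport 100 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 100 -j RETURN
"""
EDITED = "# " + ORIGINAL
CRITERIA = ("-p", "tcp", "-m", "tcp", "--dport", "100")

if __name__ == "__main__":
    for name, script in (("original", ORIGINAL), ("edited", EDITED)):
        print(name, shadowed(load(script)), verdict(load(script), "INPUT", CRITERIA, "DROP"))
```

The lint compares criteria literally, so two rules that match the same traffic but are written differently are not reported.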