Hi. -j IMQ is equal -j ACCEPT...? i mean it after -j IMQ packet don''t return in parent chain??? cause -j ACCEPT action accept the packet in the child chain and don''t return it to parent... example: ipt="iptables -t mangle" $ipt -N HTTP $ipt -A HTTP -j IMQ // after this packet packets go to -t nat tables? or // it return to parent chain (PREROUTING) in mangle? $ipt -N OTHER $ipt -A OTHER -j IMQ $ipt -A PREROUTING [expression] -j HTTP $ipt -A PREROUTING -j OTHER all this I do for ingress traffic. thx.
Nikolay Nikolaev wrote:> Hi. > -j IMQ is equal -j ACCEPT...? i mean it after -j IMQ packet don''t return > in parent chain??? cause -j ACCEPT action accept the packet in the child > chain and don''t return it to parent... > example: > > ipt="iptables -t mangle" > > $ipt -N HTTP > $ipt -A HTTP -j IMQ // after this packet packets go to -t nat tables? > or // it return to parent chain (PREROUTING) in mangle? > > $ipt -N OTHER > $ipt -A OTHER -j IMQ > > $ipt -A PREROUTING [expression] -j HTTP > $ipt -A PREROUTING -j OTHER > > all this I do for ingress traffic. > thx.I don''t think -j IMQ is terminating as an iptables rule. Whether it sees packets before / after (de)nat in prerouting depends on the kernel config options and gets logged for 2.6s. For 2.4s there is a patch to make it hook after nat. Andy.