Home / server / Questions / 675559
Accepted
user3018558
Asked: 2015-03-15 12:41:43 +0800 CST

iptables using, goto + jump: what is the RETURN behaviour?

  • 772

I'm trying to work out what is the iptables behaviour when you have multiple custom chains and you sue a mix between -goto and -jump

Example:

INPUT
iptables -A INPUT -i eth1 -j CUSTOM-A

CUSTOM-A
few commands here...
iptables -A CUSTOM-A -i eth1 -p tcp -dport 80 -g CUSTOM-B
few optional commands here...
iptables -A CUSTOM-A -i eth1 -s 0/0 -g CUSTOM-B

CUSTOM-B
iptables -A CUSTOM-B few commands here... -j CUSTOM-C
iptables -A CUSTOM-B few commands here... -j CUSTOM-C
iptables -A CUSTOM-B few commands here... -j CUSTOM-C
iptables -A CUSTOM-B -i eth1 -s 0/0 -j RETURN

CUSTOM-C
iptables -A CUSTOM-C -s 0/0 -j LOG
iptables -A CUSTOM-C -s 0/0 -j DROP

With the above scenario packets matched on CUSTOM-A tcp/80 will go to CUSTOM-B and if they reach the bottom of the table they would RETURN. Is the RETURN actually returning the packet to INPUT since the packet got there via a goto?

iptables

1 Answers

  1. Best Answer

    Is the RETURN actually returning the packet to INPUT since the packet got there via a goto?

    This is what the man page says...

    -g, --goto chain This specifies that the processing should continue in a user specified chain. Unlike the --jump option return will not continue processing in this chain but instead in the chain that called us via --jump.

    So I would expect the return to be to the INPUT chain.

    • 3