3
1
I've been looking at two references for iptables documentation, and both appear to be wrong in some very important details.
However, being new to iptables, I'm not fully sure, hence this post.
Reference 1 - Iptables Tutorial 1.2.2 : In the figure that immediately follows
Table 6-3 Forwarded Packets, shouldn't the arrow coming out offilter/FORWARDbe going straight tomangle/POSTROUTING, since the the routing decision to forward the packet already stands made? The text of Table 6-3 also seems to suggest this.Reference 2 - Wikipedia entry : In the
Network Layer-OUTPUT PATHcell, the firstrouting decisionis correctly followed byraw/OUTPUT,mangle/OUTPUT,nat/OUTPUT,filter/OUTPUT. However, shouldn't there be one morerouting decisionbetweenfilter/OUTPUTandmangle/POSTROUTING, since anattable processing must necessarily be followed by a routing decision? Also, not sure what thereroute checkbox is doing before thenat/OUTPUTbox!
Could someone please confirm my understanding, or correct me if I'm wrong?
Harry
Posted 2017-01-05T11:48:10.370
Reputation: 647
1The mangle table could mark packets with fwmark, which can be used in routing rules to influence the routing. Hence the routing decision needs to be made again. – wurtel – 2017-01-05T13:22:52.847
ok, in that case, the text is inaccurate/inconsistent with other mentions of "routing decision" in the 3 tables. – Harry – 2017-01-06T10:31:39.383