IPTables default policy

I am slightly confused about IPtables default policy.
Let's talk about the mangle table. Let's say ACCEPT is the default policy on each chain.

PREROUTING ACCEPT
INPUT ACCEPT
FORWARD ACCEPT
OUTPUT ACCEPT
POSTROUTING ACCEPT

Packets that need to be forwarded will go through the PREROUTING->FORWARD->POSTROUTING chains.

However, since the default policy in PREROUTING is ACCEPT, do the packets still traverse through the rules in POSTROUTING chain (or FORWARD chain)?

I read somewhere this:

-j ACCEPT : the rule is accepted and will not continue traversing the current chain or any other ones in the same table.

Is this true?

I want to set marks in POSTROUTING chain for forwarding packets, and am wondering if it is even possible if the packets were already ACCEPTed (due to the default policy) in PREROUTING chain.

Best Answer

I don't know where you get your quote from. My man iptables says:

ACCEPT means to let the packet through.

All the chains will be evaluated (unless one of them rejects a packet).

Using REJECT or DROP in any chain will cause the packet to be discarded, although that is the purpose of the filter table and not mangle. An ACCEPT in all chains will let the packet pass.
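
The traversal described in the answer, as an added example that is not part of the original question or answer: a simplified Python model (not netfilter code) of one forwarded packet walking the mangle table's PREROUTING, FORWARD and POSTROUTING chains. All function names and the packet dictionary are hypothetical; the model assumes MARK is non-terminating and ignores every table other than mangle.

```python
# Simplified model of a forwarded packet in the mangle table (constructed, not netfilter code).
FORWARD_PATH = ["PREROUTING", "FORWARD", "POSTROUTING"]  # chains a routed packet visits


def run_chain(rules, policy, packet):
    """Evaluate one chain and return the verdict for this chain only."""
    for match, target, arg in rules:
        if not match(packet):
            continue
        if target == "MARK":              # non-terminating: set the mark, keep going
            packet["mark"] = arg
        elif target in ("ACCEPT", "DROP"):
            return target                 # terminating: stop walking THIS chain
    return policy                         # nothing terminated: default policy applies


def traverse(table, packet):
    """Walk the chains in order; return (final verdict, chains visited)."""
    visited = []
    for chain in FORWARD_PATH:
        visited.append(chain)
        rules, policy = table[chain]
        if run_chain(rules, policy, packet) == "DROP":
            return "DROP", visited        # a drop anywhere discards the packet
    return "ACCEPT", visited


def any_packet(_pkt):
    return True


def mangle_table(prerouting_rules=()):
    """ACCEPT policy on every chain; POSTROUTING sets mark 0x1 on every packet."""
    return {
        "PREROUTING": (list(prerouting_rules), "ACCEPT"),
        "FORWARD": ([], "ACCEPT"),
        "POSTROUTING": ([(any_packet, "MARK", 0x1)], "ACCEPT"),
    }


def demo():
    """Run three constructed cases and return verdict, path and final mark."""
    cases = {
        "policy_accept": [],                              # default policy only
        "rule_accept": [(any_packet, "ACCEPT", None)],    # explicit -j ACCEPT
        "rule_drop": [(any_packet, "DROP", None)],        # explicit -j DROP
    }
    results = {}
    for name, pre_rules in cases.items():
        pkt = {"mark": 0}
        results[name] = (traverse(mangle_table(pre_rules), pkt), pkt["mark"])
    return results
```

In both ACCEPT cases the packet reaches POSTROUTING and leaves with the mark set; only the DROP case stops at PREROUTING with the mark unchanged.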