Iptables using, goto + jump: what is the RETURN behaviour

iptables

I'm trying to work out what is the iptables behaviour when you have multiple custom chains and you use a mix between -goto and -jump

Example:

INPUT
iptables -A INPUT -i eth1 -j CUSTOM-A

CUSTOM-A
few commands here...
iptables -A CUSTOM-A -i eth1 -p tcp --dport 80 -g CUSTOM-B
few optional commands here...
iptables -A CUSTOM-A -i eth1 -s 0/0 -g CUSTOM-B

CUSTOM-B
iptables -A CUSTOM-B few commands here... -j CUSTOM-C
iptables -A CUSTOM-B few commands here... -j CUSTOM-C
iptables -A CUSTOM-B few commands here... -j CUSTOM-C
iptables -A CUSTOM-B -i eth1 -s 0/0 -j RETURN

CUSTOM-C
iptables -A CUSTOM-C -s 0/0 -j LOG
iptables -A CUSTOM-C -s 0/0 -j DROP

With the above scenario packets matched on CUSTOM-A tcp/80 will go to CUSTOM-B and if they reach the bottom of the table they would RETURN. Is the RETURN actually returning the packet to INPUT since the packet got there via a goto?

Best Answer

Is the RETURN actually returning the packet to INPUT since the packet got there via a goto?

This is what the man page says...

-g, --goto chain This specifies that the processing should continue in a user specified chain. Unlike the --jump option return will not continue processing in this chain but instead in the chain that called us via --jump.

So I would expect the return to be to the INPUT chain.
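The traversal the man page describes can be checked with a small model. This is an added example, not code from the post or from iptables: the `flagged` match stands in for the elided "few commands here..." matches, and the ACCEPT policy and the sample packet are assumptions.

```python
# Simplified model of iptables rule traversal (not kernel code).
any_pkt = lambda p: True
eth1 = lambda p: p["in"] == "eth1"
web = lambda p: eth1(p) and p["proto"] == "tcp" and p["dport"] == 80
flagged = lambda p: p.get("flagged", False)  # constructed stand-in for the elided matches

def page_ruleset(a_to_b):
    """Chains from the question; a_to_b is "goto" (as posted) or "jump" (for comparison)."""
    return {
        "INPUT": [(eth1, "jump", "CUSTOM-A")],
        "CUSTOM-A": [(web, a_to_b, "CUSTOM-B"), (eth1, a_to_b, "CUSTOM-B")],
        "CUSTOM-B": [(flagged, "jump", "CUSTOM-C"), (eth1, "RETURN", None)],
        "CUSTOM-C": [(any_pkt, "LOG", None), (any_pkt, "DROP", None)],
    }

def traverse(chains, policy, pkt, start="INPUT"):
    """Return (verdict, list of chains entered in order) for one packet."""
    stack, chain, idx, trace = [], start, 0, [start]
    while True:
        rules = chains[chain]
        # Running off the end of a chain behaves like RETURN.
        match, action, arg = rules[idx] if idx < len(rules) else (any_pkt, "RETURN", None)
        if not match(pkt):
            idx += 1
        elif action in ("ACCEPT", "DROP"):
            return action, trace
        elif action == "LOG":  # non-terminating: continue with the next rule
            idx += 1
        elif action in ("jump", "goto"):
            if action == "jump":  # only --jump records a return position
                stack.append((chain, idx + 1))
            chain, idx = arg, 0
            trace.append(chain)
        elif action == "RETURN":
            if not stack:  # no caller left: the built-in chain's policy decides
                return policy, trace
            chain, idx = stack.pop()
            trace.append(chain)
        else:
            raise ValueError(f"unknown action {action!r}")

if __name__ == "__main__":
    pkt = {"in": "eth1", "proto": "tcp", "dport": 80}  # constructed sample packet
    for mode in ("goto", "jump"):
        print(mode, traverse(page_ruleset(mode), "ACCEPT", pkt))
```

With `goto`, the RETURN in CUSTOM-B resumes in INPUT after the rule that jumped to CUSTOM-A; with `jump`, it resumes in CUSTOM-A and the catch-all rule sends the packet through CUSTOM-B a second time.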
