Re: [SLUG] iptables question

From: Levi Bard (levi@bard.sytes.net)
Date: Mon Jul 21 2003 - 09:25:55 EDT


It seems that it would go through the mytarget chain, and, not finding any
rules, be passed directly to the next chain for INPUT. I would say that
this is a way of setting up the rules such that any rules now added to
mytarget will take precedence over those in the initial ruleset.

Levi

> Here's an odd scenario. Assume the following:
>
> iptables -N mytarget
> iptables -I INPUT -j mytarget
>
> Assume no other specification of the mytarget chain/rule. And assume,
> per the above, that the mytarget chain acts as the first target on the
> INPUT chain. (Any other rules added with the -A parameter on the INPUT
> chain would get added _after_ this original rule.)
>
> The question is this: it seems that, without specifying the interface,
> protocol or disposition of the mytarget chain/rule, it's a wide open
> target, accepting anything from anywhere. If that's true, then if you
> actually did this, it would obviate the rest of the rules in your INPUT
> chain. Is that right? Or does a "blank" rule like this just pass packets
> to the next rule or the default policy (ACCEPT)?
>
> (This isn't a made up example. The latest Coyote effectively does this.)
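
The chain traversal discussed in this exchange, as an added worked example that is not part of the original thread and is not iptables code: a small Python model of how netfilter walks a built-in chain, jumps into a user-defined chain, and falls back to the caller when that chain is empty or hits RETURN. It models the documented semantics (a user chain created with -N has no policy, so a packet that reaches its end resumes at the rule after the -j that called it; the built-in chain's policy applies only when the packet falls off the end of INPUT itself). The packets, the two extra -A rules (an SSH ACCEPT and a catch-all DROP), and the rule fields matched on are constructed for illustration and are not from the post.

```python
"""Toy model of iptables chain traversal (added example, not iptables code).

Models only what the thread asks about: what happens to a packet when the
first rule in INPUT is '-j mytarget' and mytarget is an empty user chain.
Matching is reduced to a few constructed packet fields (iface/proto/dport).
"""

ACCEPT, DROP, RETURN = "ACCEPT", "DROP", "RETURN"


class Rule:
    def __init__(self, target, **match):
        self.target = target   # ACCEPT / DROP / RETURN, or the name of a user chain
        self.match = match     # e.g. proto="tcp", dport=22; no fields = match all

    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.match.items())


class Table:
    def __init__(self, policies):
        # Built-in chains carry a policy; user chains (added with -N) do not.
        self.chains = {name: [] for name in policies}
        self.policies = dict(policies)

    def new_chain(self, name):              # iptables -N name
        self.chains[name] = []

    def append(self, chain, rule):          # iptables -A chain ...
        self.chains[chain].append(rule)

    def insert(self, chain, rule, pos=1):   # iptables -I chain [rulenum] ...
        self.chains[chain].insert(pos - 1, rule)

    def _walk(self, chain, pkt):
        """Verdict from this chain, or None if the packet falls off its end."""
        for rule in self.chains[chain]:
            if not rule.matches(pkt):
                continue
            if rule.target in (ACCEPT, DROP):
                return rule.target
            if rule.target == RETURN:
                return None
            verdict = self._walk(rule.target, pkt)   # -j user_chain
            if verdict is not None:
                return verdict
            # user chain exhausted (or RETURNed): continue with the next rule here
        return None

    def verdict(self, builtin, pkt):
        v = self._walk(builtin, pkt)
        return v if v is not None else self.policies[builtin]   # policy only here


def empty_chain_only(policy):
    """Exactly the two commands from the question and nothing else.
    The empty chain decides nothing; the INPUT policy does (assumed packet)."""
    t = Table({"INPUT": policy})
    t.new_chain("mytarget")                 # iptables -N mytarget
    t.insert("INPUT", Rule("mytarget"))     # iptables -I INPUT -j mytarget
    return t.verdict("INPUT", {"iface": "eth0", "proto": "tcp", "dport": 22})


def scenario():
    """Empty mytarget at the top of INPUT, with rules appended (-A) after it,
    then a rule added to mytarget later. All rules/packets are constructed."""
    t = Table({"INPUT": ACCEPT})
    t.new_chain("mytarget")
    t.insert("INPUT", Rule("mytarget"))
    t.append("INPUT", Rule(ACCEPT, proto="tcp", dport=22))   # -A INPUT -p tcp --dport 22 -j ACCEPT
    t.append("INPUT", Rule(DROP))                            # -A INPUT -j DROP
    ssh = {"iface": "eth0", "proto": "tcp", "dport": 22}
    telnet = {"iface": "eth0", "proto": "tcp", "dport": 23}
    before = (t.verdict("INPUT", ssh), t.verdict("INPUT", telnet))
    # A rule added to mytarget now is evaluated ahead of everything else in INPUT.
    t.append("mytarget", Rule(DROP, iface="eth0"))           # -A mytarget -i eth0 -j DROP
    after = (t.verdict("INPUT", ssh), t.verdict("INPUT", telnet))
    return before, after


if __name__ == "__main__":
    print(empty_chain_only(ACCEPT), empty_chain_only(DROP))
    print(scenario())
```

Running it shows the empty chain neither accepts nor drops: with only the two commands the verdict is whatever INPUT's policy is, and with further -A rules present the packet is judged by those rules, while anything later placed in mytarget is hit first. The same check on a real host is `iptables -L INPUT -v -n --line-numbers` after the two commands, which lists the jump as rule 1 and an empty mytarget chain.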



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:38:58 EDT