On Thu, 6 Nov 2003, Tom Lahti wrote:

> ACCEPT will continue down the table. You want to use RETURN, not
> ACCEPT. Otherwise, it will still match the REDIRECT rule later in the table.

No, it won't.

ACCEPT is a terminal target in iptables. Terminal targets terminate all processing of that hook in that table with the result of the terminal target. REDIRECT is not a terminal target, it just returns from this chain.

If you are not using custom defined chains, the effect of ACCEPT and RETURN is the same, as returning from the hook chain is the same as accepting the packet, but if you are using custom defined chains then the difference is significant, as ACCEPT is terminal no matter where it is executed while RETURN just causes processing to continue with the next rule in the chain that jumped to your custom chain.

Regards
Henrik
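
The ACCEPT versus RETURN difference described in this message, as an added example that is not part of the original post: a simplified Python model of rule traversal in one table. The chain name `exempt`, the addresses and the rule set are constructed, the built-in chain policy is assumed to be ACCEPT, and any target other than RETURN or a chain name is treated as a final verdict.

```python
# Simplified model of iptables rule traversal within one table (added example).
# Assumptions: rules are (match_fn, target); the built-in chain policy is ACCEPT;
# any target that is not RETURN or a chain name is treated as a final verdict.

def run_chain(table, name, pkt):
    """Return a verdict string, or None if the chain returned to its caller."""
    for match, target in table[name]:
        if not match(pkt):
            continue
        if target == "RETURN":
            return None                 # resume in the calling chain
        if target in table:             # jump to a user-defined chain
            verdict = run_chain(table, target, pkt)
            if verdict is not None:
                return verdict          # a verdict ends processing of the hook
            continue                    # callee returned: go on to the next rule
        return target                   # ACCEPT, DROP, REDIRECT, ...
    return None                         # fell off the end: implicit return

def traverse(table, hook, pkt, policy="ACCEPT"):
    """Run the built-in chain; returning from it applies the chain policy."""
    verdict = run_chain(table, hook, pkt)
    return policy if verdict is None else verdict

def build(exempt_target, use_custom_chain):
    """PREROUTING that exempts 10.0.0.5 ahead of a port-80 REDIRECT rule."""
    is_exempt = lambda p: p["src"] == "10.0.0.5"
    is_http = lambda p: p["dport"] == 80
    always = lambda p: True
    if use_custom_chain:
        return {
            "PREROUTING": [(always, "exempt"), (is_http, "REDIRECT")],
            "exempt": [(is_exempt, exempt_target)],   # hypothetical chain name
        }
    return {"PREROUTING": [(is_exempt, exempt_target), (is_http, "REDIRECT")]}

PKT = {"src": "10.0.0.5", "dport": 80}   # constructed sample packet

if __name__ == "__main__":
    for custom in (False, True):
        for tgt in ("ACCEPT", "RETURN"):
            result = traverse(build(tgt, custom), "PREROUTING", PKT)
            print(f"custom_chain={custom} target={tgt} -> {result}")
```

Only the custom-chain case with RETURN lets the exempted packet reach the later REDIRECT rule; in the built-in chain both targets end with the packet accepted.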
