Friday, March 18, 2011

Implementing if statement in iptables

It just occurred to me that user-defined chains in iptables are actually the equivalent of an if statement. Namely, if you need to do something like the following:

if (packet meets certain criteria) {
    ...
}

then you'll do it so that everything between the curly braces goes into a user-defined chain, while the test of whether the packet meets the criteria is an iptables rule that uses -j to jump to that user-defined chain.

Furthermore, the -j switch is actually a goto statement in iptables. :)

Maybe this isn't something new to you, but for me it was a revelation. Now, to try to make a Turing machine using iptables...

But more seriously, using user-defined chains improves the readability, reusability and performance of an iptables ruleset.
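To make the analogy concrete, here is an added example (not from the post) that models how iptables walks chains, using a constructed ruleset in which a user-defined chain ssh_check plays the role of the if block. It also shows the one caveat: -j returns to the calling chain when the user chain runs off its end, whereas -g (goto) does not, so -j is really a call and -g is the true goto. The names Rule, Chain, walk and decide are assumed here and are not part of iptables.

```python
# Added example (not from the post): a small model of how iptables walks
# chains, to show a user-defined chain reached with -j acting as an if block.
# Rule, Chain, walk and decide are hypothetical names, not iptables APIs.
from dataclasses import dataclass, field

@dataclass
class Rule:
    match: dict           # packet fields that must all be equal; {} matches any
    target: str           # "ACCEPT", "DROP", "RETURN" or a user-defined chain
    goto: bool = False    # False models -j (jump), True models -g (goto)

@dataclass
class Chain:
    rules: list = field(default_factory=list)
    policy: str = None    # built-in chains have a policy; user chains have none

def walk(chains, name, pkt):
    """Return ACCEPT/DROP, or None if a user chain ends without a verdict."""
    chain = chains[name]
    for rule in chain.rules:
        if not all(pkt.get(k) == v for k, v in rule.match.items()):
            continue                     # the 'if' test failed: next rule
        if rule.target in ("ACCEPT", "DROP"):
            return rule.target
        if rule.target == "RETURN":
            return chain.policy          # leave the block early
        verdict = walk(chains, rule.target, pkt)   # enter the { ... } block
        if verdict is not None:
            return verdict
        if rule.goto:                    # -g: the rest of this chain is skipped
            return chain.policy
        # -j: the block ran off its end, so continue with the next rule here
    return chain.policy

# Constructed ruleset, the equivalent of:
#   iptables -N ssh_check
#   iptables -A INPUT -p tcp --dport 22 -j ssh_check
#   iptables -A INPUT -p tcp --dport 80 -j ACCEPT
#   iptables -A ssh_check -s 10.0.0.5 -j ACCEPT
#   iptables -A ssh_check -j DROP
RULESET = {
    "INPUT": Chain([Rule({"proto": "tcp", "dport": 22}, "ssh_check"),
                    Rule({"proto": "tcp", "dport": 80}, "ACCEPT")], policy="DROP"),
    "ssh_check": Chain([Rule({"src": "10.0.0.5"}, "ACCEPT"), Rule({}, "DROP")]),
}

def decide(pkt, chains=RULESET):
    return walk(chains, "INPUT", pkt)
```

Calling decide with a packet dict such as {"proto": "tcp", "dport": 22, "src": "192.0.2.9"} returns the verdict the ruleset would give.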
