当我用命令列出表iptables的规则时,我在调试输出下看到从 0 到 124 的条目号。最后的条目如下:filteriptables -t filter -L -vvv --line-numbers
Entry 124 (42880):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `ERROR' [64]
error=`ERROR'
数据包何时到达该ERROR目标?
答案1
我想你会在以下的主要评论中找到答案libip4tc.c:
/* Library which manipulates firewall rules. Version 0.1. */
/* Architecture of firewall rules is as follows:
*
* Chains go INPUT, FORWARD, OUTPUT then user chains.
* Each user chain starts with an ERROR node.
* Every chain ends with an unconditional jump: a RETURN for user chains,
* and a POLICY for built-ins.
*/