I have a question regarding IPTables packet flow, that I am hoping I can get an answer to.
We have a fairly advanced implementation of IPTables that I am trying to convert into a third party product and I am not quite certain on the packet flow in the current IPTables implementation.
We are using Mangle, NAT and Filter tables - and my question is this:
We have a PREROUTING chain defined in Mangle AND NAT tables. If a rule is matched with a -j of ACCEPT in the Mangle PREROUTING chain, does the packet still flow to the NAT PREROUTING chain? Or does it just go to the FORWARD chain and skip any other PREROUTING chains in other tables?
That is the missing piece of logic in my head and I would love to have that answered, thank you.