RETURN jump missing in iptables userchain - what happens?
I am quite unable to find out what the consequences of a missing RETURN-rule at the end of user-defined iptables chains are. Obviously "iptables [missing] return [jump]" are really, really bad keywords to look for.
The manpage and any blog or howto I could dig up just tell me what -j RETURN does (which is quite obvious) but not what happens if it is missing. Also, I cannot seem to set up sane experimental rules to try it out...
iptables -N userchainA
iptables -A INPUT -j userchainA
iptables -N userchainB
iptables -A INPUT -j userchainB
iptables -A INPUT -j ACCEPT
iptables -A userchainA ... # anything here, that DOES NOT MATCH
#### no explicit return from userchainA!
iptables -A userchainB ... # anything here, that DOES NOT MATCH
iptables -A userchainB -j RETURN
Given these rules, anything works just fine. Packets travel through all the chains and finally hit the ACCEPT from INPUT as if the (missing) -j RETURN from userchainA would be done implicitly. Is this the case?
Why is this working? I would have expected some kind of error or at least a log message about execution falling off a chain.
When iptables reaches the end of a user-defined chain, flow returns to the next rule in the calling chain. The RETURN is therefore implicit; it does not need to be explicitly given.