In which order are rules of custom iptables chains evaluated?

networking iptables

I am fairly new to iptables. The picture below shows the order in which chains are evaluated based on my current understanding. If that impression is wrong please let me know.

My question is where in the following diagramm is a custom chain placed when I add it like that?

sudo iptables -N MYCHAIN

I know that command creates a new chain in the filter table, but I am not sure what that means. Are rules of MYCHAIN evaluated before or after rules of the other chains?

http://i.imgur.com/aIRS91L.png


After creating a CHAIN you need to add a rule to pass traffic to it. Like

iptables -A INPUT -j MYCHAIN

Now all traffic that reached the end of INPUT will go to MYCHAIN. Then if traffic does not meet any conditions (or meet but with -j RETURN action) in MYCHAIN in continues to flow from the point it went to MYCHAIN. So your chain can be anywhere on a diagram.


A user defined chain is walked through when a rule from a built-in chain jumps to it. When the user defined chain ends you jump back to rule following the rule that made you jump to the custom rule. If the packet matches a rule in a user defined chain with a terminating target (such as accept) processing ends.

Not sure my wording is clear enough but that's it.

Related

How to add an existing key to the certutil key database
Why does a ZFS resilver scan the entire pool?
Automating WSUS via PowerShell
Why is routing neither CPU nor memory intensive? [closed]
Tinyproxy Refused CONNECT method
What happens if the DHCP server comes online after the client devices do?
How to run Gunicorn upstream with an Nginx SSL configuration?
How to permanently increase RabbitMQ file descriptors limit
Logwatch is not respecting MailFrom
How can I enable Ping on an Azure Linux VM
Adding more mirrored vdevs to a ZFS pool on Ubuntu
Shrink partition to exactly fit the underlying filesystem size