Jumping Chains

• A rule can jump a packet to another chain

• If it is not ACCEPTed or DROPped in the new chain, processing returns to the original chain and resumes at the next rule after the jump

• The RETURN command (properly a target) returns the packet to the original chain without traversing the rest of the new chain

• Nested jumps are allowed

• Essential to our implementation of security policies

Notes: