Iptables redirect AFTER INPUT/FORWARD chain processing
 

Hi All

I have a webserver listening on port 79, and showing the splash page, no matter what the request. When I put this in my nat table:

iptables -t nat -D PREROUTING -i eth0 -p tcp -j REDIRECT --to-port 79

I get the desired effect. Only problem is that I don't know till much later for which hosts I need this.

I have a fairly complex firewall that processes *a lot* of rules in it's INPUT and FORWARD chains. What I need to do, is to redirect all the packets that INPUT and FORWARD would have dropped, to that port, for the permanent splash page.

My questions:

1) Is there a way?

2) Should I maybe tag/mangle the packets that would have been dropped and then redirect at POSTROUTING? (Very tedious)

3) Can I redirect directly from INPUT/FORWARD?

4) Can I send the packet back to PREROUTING from INPUT/FORWARD?

Would much appreciate any info you have!
Thanks
:study: