
How to read iptables TRACE logs (policy numbers)


So I added

sudo iptables -t raw -A PREROUTING -p tcp --dport 25 -j TRACE

as well as

sudo iptables -t raw -A OUTPUT -p tcp --dport 25 -j TRACE

and when I grep my syslog for TRACE I get output that looks like this

Jan 19 09:14:46 dev109 kernel: [29067248.683235] TRACE: raw:OUTPUT:rule:2 IN= OUT=eth0  ...
Jan 19 09:14:46 dev109 kernel: [29067248.683244] TRACE: raw:OUTPUT:policy:5 IN= OUT=eth0 ...
Jan 19 09:14:46 dev109 kernel: [29067248.683254] TRACE: mangle:OUTPUT:policy:1 IN= OUT=eth0 ...
Jan 19 09:14:46 dev109 kernel: [29067248.683262] TRACE: filter:OUTPUT:policy:1 ...
Jan 19 09:14:46 dev109 kernel: [29067248.683269] TRACE: mangle:POSTROUTING:policy:1 ...
Jan 19 09:14:46 dev109 kernel: [29067248.683432] TRACE: raw:OUTPUT:rule:4 IN= OUT=eth0 ...
Jan 19 09:14:46 dev109 kernel: [29067248.683441] TRACE: raw:OUTPUT:policy:5 IN= OUT=eth0 ...

I am trying to understand what the policy numbers refer to. Is policy:1 == ACCEPT? If so, what does policy:5 mean?


Solution

  • policy:1 is type:rulenum. Or, put another way, type="policy" and rulenum=1.

    Read this carefully. Specifically:

    TRACE This target marks packets so that the kernel will log every rule that matches the packets as they traverse the tables, chains and rules. (The ipt_LOG or ip6t_LOG module is required for the logging.) The packets are logged with the string prefix:

    "TRACE: tablename:chainname:type:rulenum " where type can be "rule" for plain rule, "return" for implicit rule at the end of a user defined chain and "policy" for the policy of the built in chains. It can only be used in the raw table.

    Now let's take one of the prefixes from the question TRACE: mangle:OUTPUT:policy:1 and apply what we've learned:

    tablename = mangle
    chainname = OUTPUT
    type      = policy
    rulenum   = 1
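A small parser for the prefix format quoted above, added here as an example (it is not code from the question or the answer). The sample lines are constructed from the question's output with the packet fields trimmed; the parser also derives what a policy rulenum implies about the chain, which goes one step beyond what the man page states.

```python
import re

# Prefix format from iptables-extensions(8): "TRACE: tablename:chainname:type:rulenum "
TRACE_RE = re.compile(
    r"TRACE: (?P<table>[^:\s]+):(?P<chain>[^:\s]+):(?P<type>rule|return|policy):(?P<rulenum>\d+)"
)

# Constructed sample: the question's lines with packet fields trimmed, plus one non-TRACE line.
SAMPLE_LOG = """\
Jan 19 09:14:46 dev109 kernel: [29067248.683235] TRACE: raw:OUTPUT:rule:2 IN= OUT=eth0
Jan 19 09:14:46 dev109 kernel: [29067248.683244] TRACE: raw:OUTPUT:policy:5 IN= OUT=eth0
Jan 19 09:14:46 dev109 kernel: [29067248.683254] TRACE: mangle:OUTPUT:policy:1 IN= OUT=eth0
Jan 19 09:14:46 dev109 kernel: [29067248.683262] TRACE: filter:OUTPUT:policy:1
Jan 19 09:14:46 dev109 kernel: [29067248.683269] TRACE: mangle:POSTROUTING:policy:1
Jan 19 09:14:46 dev109 kernel: unrelated message that must be ignored
"""


def parse_trace_line(line):
    """Return (table, chain, type, rulenum) for a TRACE line, or None for anything else."""
    m = TRACE_RE.search(line)
    if m is None:
        return None
    return m["table"], m["chain"], m["type"], int(m["rulenum"])


def trace_path(log):
    """Ordered list of chain hops in the log, in the order the kernel logged them."""
    return [p for p in map(parse_trace_line, log.splitlines()) if p is not None]


def rules_in_chain(log):
    """Chain length implied by each 'policy' entry.  The built-in policy is logged in the
    slot after the chain's last rule, so policy:N means N-1 numbered rules were walked
    without a terminating match (policy:1 means the chain is empty).  The trace never says
    whether that policy is ACCEPT or DROP; read it with `iptables -t TABLE -S CHAIN`."""
    lengths = {}
    for table, chain, typ, n in trace_path(log):
        if typ == "policy":
            lengths[f"{table}:{chain}"] = n - 1
    return lengths


def explain(entry):
    """One-line human reading of a single hop."""
    table, chain, typ, n = entry
    if typ == "rule":
        # TRACE logs every matching rule; traversal continues past non-terminating targets.
        return f"{table}/{chain}: rule #{n} matched"
    if typ == "return":
        return f"{table}/{chain}: end of user-defined chain, implicit RETURN"
    return f"{table}/{chain}: built-in policy applied after {n - 1} rule(s) failed to match"
```

In the question's trace, rule 2 of raw:OUTPUT is the TRACE rule itself (a non-terminating match), and policy:5 shows the chain holds four rules, none of which ended traversal.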