[PATCH iptables] doc: Note REDIRECT case of no IP address

[PATCH iptables] doc: Note REDIRECT case of no IP address

[Joseph C. Sible]

If an IP packet comes in on an interface that lacks a corresponding IP
address (which happens on, e.g., the veth's that Project Calico creates),
attempting to use REDIRECT on it will cause it to be dropped. Take note
of this in REDIRECT's documentation.

Signed-off-by: Joseph C. Sible <josephcsible@gmail.com>
---
 extensions/libxt_REDIRECT.man | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/extensions/libxt_REDIRECT.man b/extensions/libxt_REDIRECT.man
index 3400a6d..28d4d10 100644
--- a/extensions/libxt_REDIRECT.man
+++ b/extensions/libxt_REDIRECT.man
@@ -8,7 +8,8 @@ chains, and user-defined chains which are only called from those
 chains.  It redirects the packet to the machine itself by changing the
 destination IP to the primary address of the incoming interface
 (locally-generated packets are mapped to the localhost address,
-127.0.0.1 for IPv4 and ::1 for IPv6).
+127.0.0.1 for IPv4 and ::1 for IPv6, and packets arriving on
+interfaces that don't have an IP address configured are dropped).
 .TP
 \fB\-\-to\-ports\fP \fIport\fP[\fB\-\fP\fIport\fP]
 This specifies a destination port or range of ports to use: without
--
2.7.4

Re: [PATCH iptables] doc: Note REDIRECT case of no IP address

[Pablo Neira Ayuso]

On Tue, Aug 20, 2019 at 04:26:25PM -0400, Joseph C. Sible wrote:
> If an IP packet comes in on an interface that lacks a corresponding IP
> address (which happens on, e.g., the veth's that Project Calico creates),
> attempting to use REDIRECT on it will cause it to be dropped. Take note
> of this in REDIRECT's documentation.

Applied, thanks.