* problems with netfilter 2.4.6 with mark unclean.
@ 2001-07-04 13:47 V man
0 siblings, 0 replies; only message in thread
From: V man @ 2001-07-04 13:47 UTC (permalink / raw)
To: marc; +Cc: linux-kernel
HI,
upgrading to new linux kernel
2.4.6, with FULL netfilter enabled and
compiled statically inside of the kernel,
a rule like
iptables -A INPUT -m unclean -j DROP
will put netfilter in condition to DROP
every tcp packet it receives.
That is not true with UDP or icmp,
(NFS and all icmp work)
but the kernel will DROP ALL tcp apckets.
That was not happening with 2.4.5 kernel and older, so that
i was able to use this rule against malformed packets.
I tried bot compiling kernel with egcs, gcc 2.95.3 and gcc 3.0.
System is
PentiumIII 550 Mhz
128 Mbyte Ram
1 IDE disk 33Mhz
intel MB vx 440
binutils 2.11.90.0.19
glibc 2.2.3
Bests
Luigi Genoni
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2001-07-04 13:48 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2001-07-04 13:47 problems with netfilter 2.4.6 with mark unclean V man
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).