Re: Stateless dropping of packets

From: Kevin Buhr (buhr@telus.net)
Date: Tue Apr 01 2003 - 17:50:39 EST

Next message: Martin Josefsson: "Re: netfilter/iptables bug ?"
Previous message: Matthew Dobson: "Re: [patch][rfc] Memory Binding (1/1)"
In reply to: Florian Weimer: "Stateless dropping of packets"
Next in thread: Florian Weimer: "Re: Stateless dropping of packets"
Reply: Florian Weimer: "Re: Stateless dropping of packets"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Florian Weimer <fw@deneb.enyo.de> writes:
>
> Is it possible to drop packets, preferably using 2.4 iptables, before
> the packet triggers updates of some caches (e.g. the route cache)?

If you DROP the packet in a PREROUTING chain, that should work. Since
the "filter" table doesn't have a PREROUTING chain, you need to use a
table that does, like the "mangle" table. For example:

iptables -t mangle -A PREROUTING -s 10.0.0.0/8 -j DROP

should drop everything with a source in 10.0.0.0/8 without touching
the routing cache.

-- 
Kevin <buhr@telus.net>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: Martin Josefsson: "Re: netfilter/iptables bug ?"
Previous message: Matthew Dobson: "Re: [patch][rfc] Memory Binding (1/1)"
In reply to: Florian Weimer: "Stateless dropping of packets"
Next in thread: Florian Weimer: "Re: Stateless dropping of packets"
Reply: Florian Weimer: "Re: Stateless dropping of packets"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Mon Apr 07 2003 - 22:00:15 EST