Re: [Possibly OT] ipt_unclean.c on kernel-2.4.7-9

• Next message: Pavel Machek: "Re: VCool - cool your Athlon/Duron during idle"
• Previous message: Gerd Knorr: "Re: v4l interface questions"
• In reply to: Fabbione: "[Possibly OT] ipt_unclean.c on kernel-2.4.7-9"
• Next in thread: Fabbione: "Re: [Possibly OT] ipt_unclean.c on kernel-2.4.7-9"
• Reply: Fabbione: "Re: [Possibly OT] ipt_unclean.c on kernel-2.4.7-9"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In message <3B8A262C.82ED7793@ted.ericsson.dk> you write:
> Hi gurus,
> I've possibly found a bug in the iptables unclean match support
> but I was not able to find the email of the mantainer so I'm posting
> here....
>
> the module is incorrectly matching ftp session. Ex:
>
> iptables -j DROP -A INPUT --match unclean
> iptables -j ACCEPT -A INPUT -p tcp --dport 21
>
> in this case all my packets directed to the ftp server where dropped by
> the
> "unclean" match and this make impossible to open ftp session.

Please do not do this. "unclean" should be renamed "interesting": you
should log these packets, but probably not drop them, otherwise some
things may break.

Like ECN...

Cheers,
Rusty.

--
Premature optmztion is rt of all evl. --DK
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

• Next message: Pavel Machek: "Re: VCool - cool your Athlon/Duron during idle"
• Previous message: Gerd Knorr: "Re: v4l interface questions"
• In reply to: Fabbione: "[Possibly OT] ipt_unclean.c on kernel-2.4.7-9"
• Next in thread: Fabbione: "Re: [Possibly OT] ipt_unclean.c on kernel-2.4.7-9"
• Reply: Fabbione: "Re: [Possibly OT] ipt_unclean.c on kernel-2.4.7-9"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Fri Aug 31 2001 - 21:00:28 EST