> (I don't think this has to do with ipmasq because it also happens when
> trying to connect() from the firewall box)
I now see that it needs to be covered in different places.
This patch fixes the local connect() case.
--- linux/net/ipv4/ip_output.c.old Fri Nov 6 03:50:39 1998
+++ linux/net/ipv4/ip_output.c Fri Nov 6 07:44:35 1998
@@ -230,6 +230,7 @@
struct device *dev;
struct iphdr *iph;
unsigned int tot_len;
+ int i;
/* Make sure we can route this packet. */
rt = (struct rtable *) sk->dst_cache;
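Review bot: `int i` is an uninformative name for a variable that holds the firewall verdict; among the existing declarations (`dev`, `iph`, `tot_len`) it reads as a loop counter. A name such as `fw_res` or `fwret` would make its later comparison against `FW_REJECT` self-explanatory.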
@@ -284,8 +285,11 @@
dev = rt->u.dst.dev;
- if (call_out_firewall(PF_INET, dev, iph, NULL, &skb) < FW_ACCEPT)
+ if ((i=call_out_firewall(PF_INET, dev, iph, NULL, &skb)) < FW_ACCEPT) {
+ if (i==FW_REJECT)
+ icmp_send(skb,ICMP_DEST_UNREACH,ICMP_HOST_UNREACH,0);
goto drop;
+ }
/* This can happen when the transport layer has segments queued
* with a cached route, and by the time we get here things are
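Review bot: the assignment-in-condition and the equality test are written without spaces around the operators (`(i=call_out_firewall(...))`, `i==FW_REJECT`), which departs from the surrounding kernel style; `if ((i = call_out_firewall(PF_INET, dev, iph, NULL, &skb)) < FW_ACCEPT) {` and `if (i == FW_REJECT)` would match. Since the hook receives `&skb` rather than `skb`, it can substitute the buffer, so sending the ICMP from the post-hook `skb` is the right choice, but a one-line comment stating that a rejected local connect() now gets ICMP_HOST_UNREACH back instead of a silent drop (the behaviour the cover text describes) would help later readers, as would a note on why FW_REJECT always maps to ICMP_HOST_UNREACH here.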
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/