Re: Stateless dropping of packets

Kevin Buhr (buhr@telus.net)
01 Apr 2003 14:50:39 -0800


Florian Weimer <fw@deneb.enyo.de> writes:
>
> Is it possible to drop packets, preferably using 2.4 iptables, before
> the packet triggers updates of some caches (e.g. the route cache)?

If you DROP the packet in a PREROUTING chain, that should work. Since
the "filter" table doesn't have a PREROUTING chain, you need to use a
table that does, like the "mangle" table. For example:

    iptables -t mangle -A PREROUTING -s 10.0.0.0/8 -j DROP

should drop everything with a source in 10.0.0.0/8 without touching
the routing cache.

-- 
Kevin <buhr@telus.net>