problems with netfilter 2.4.6 with mark unclean.

V man (venom@DarkStar.sns.it)
Wed, 4 Jul 2001 15:47:51 +0200


HI,
upgrading to new linux kernel
2.4.6, with FULL netfilter enabled and
compiled statically inside of the kernel,
a rule like

iptables -A INPUT -m unclean -j DROP

will put netfilter in condition to DROP
every tcp packet it receives.
That is not true with UDP or icmp,
(NFS and all icmp work)
but the kernel will DROP ALL tcp apckets.

That was not happening with 2.4.5 kernel and older, so that
i was able to use this rule against malformed packets.

I tried bot compiling kernel with egcs, gcc 2.95.3 and gcc 3.0.

System is
PentiumIII 550 Mhz
128 Mbyte Ram
1 IDE disk 33Mhz
intel MB vx 440

binutils 2.11.90.0.19
glibc 2.2.3

Bests
Luigi Genoni
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/