Regarding ECN I've it on on most of my boxes without any problems (I
don't care
if I cannot look to lego.com). but I don't want to restart again the ECN
discussion
there were sometimes ago in the ML.
Cheers
Fabio
Rusty Russell wrote:
>
> In message <3B8A262C.82ED7793@ted.ericsson.dk> you write:
> > Hi gurus,
> > I've possibly found a bug in the iptables unclean match support
> > but I was not able to find the email of the mantainer so I'm posting
> > here....
> >
> > the module is incorrectly matching ftp session. Ex:
> >
> > iptables -j DROP -A INPUT --match unclean
> > iptables -j ACCEPT -A INPUT -p tcp --dport 21
> >
> > in this case all my packets directed to the ftp server where dropped by
> > the
> > "unclean" match and this make impossible to open ftp session.
>
> Please do not do this. "unclean" should be renamed "interesting": you
> should log these packets, but probably not drop them, otherwise some
> things may break.
>
> Like ECN...
>
> Cheers,
> Rusty.
> --
> Premature optmztion is rt of all evl. --DK
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/