Howdy,
I have a quick question. After reading the documentation regarding
ipq_set_verdict(), I am under the assumption that if the verdict is DROP,
the packet is dropped immediately. However, if the verdict is ACCEPT, the
packet continues traversing the respective CHAIN rules.
This is what's happening. I basically have all my CHAINS default to
ACCEPT, and I am using these rules:
$IPT -A FORWARD -i $LAN_IFACE -m state --state NEW -j LOG --log-prefix "FORWARD NEW: "
$IPT -A FORWARD -i $INET_IFACE -m state --state NEW -j LOG --log-prefix "INET FORWARD NEW: "
$IPT -A FORWARD -i $INET_IFACE -j LOG --log-prefix "Sending to QUEUE"
$IPT -A FORWARD -i $INET_IFACE -j QUEUE
$IPT -A FORWARD -i $INET_IFACE -j LOG --log-prefix "Back from QUEUE"
I see everything I am supposed to see prior to the QUEUE. From the
program listening on the QUEUE, I am simply setting the verdict to ACCEPT (I
also know it's working because the packets get through). I've noticed the
QUEUE hangs if nothing is listening. Is this default behavior? If nothing
is listening to the QUEUE, shouldn't it simply return?
However, I don't see the Back from QUEUE log entry. Shouldn't I see the
last log after the packet is ACCEPTed?
I am using kernel 2.4.9-13 with the bridge firewalling patch, and running
the firewall as a bridge/firewall.
Thanks,
Rob
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge