Yes,
1. The QUEUE will hang if nothing is setting verdicts
(maybe that should have an option)
2. In the past I DID get that LOG thing to work as you
describe below.
I'll have to try that again now.
Odd...
Anyone? That doesn't seem right...
-AEF
On Wed, 2002-01-02 at 23:52, Rob McMillen wrote:
> Howdy,
> I have a quick question. After reading the documentation regarding
> ipq_set_verdict(), I am under the assumption that if the verdict is DROP,
> the packet is dropped immediately. However, if the verdict is ACCEPT, the
> packet continues traversing the respective CHAIN rules.
>
> This is what's happening. I basically have all my CHAINS default to
> ACCEPT, and I am using these rules:
>
> $IPT -A FORWARD -i $LAN_IFACE -m state --state NEW -j LOG --log-prefix "FORWARD NEW: "
> $IPT -A FORWARD -i $INET_IFACE -m state --state NEW -j LOG --log-prefix "INET FORWARD NEW: "
> $IPT -A FORWARD -i $INET_IFACE -j LOG --log-prefix "Sending to QUEUE"
> $IPT -A FORWARD -i $INET_IFACE -j QUEUE
> $IPT -A FORWARD -i $INET_IFACE -j LOG --log-prefix "Back from QUEUE"
>
> I see everything I am supposed to see prior to the QUEUE. From the
> program listening on the QUEUE, I am simply setting the verdict to ACCEPT (I
> also know it's working because the packets get through). I've noticed the
> QUEUE hangs if nothing is listening. Is this default behavior? If nothing
> is listening to the QUEUE, shouldn't it simply return?
> However, I don't see the Back from QUEUE log entry. Shouldn't I see the
> last log after the packet is ACCEPT?
>
> I am using kernel 2.4.9-13 with the bridge firewalling patch, and running
> the firewall as a bridge/firewall.
>
> Thanks,
>
> Rob
>
>
_______________________________________________
Bridge mailing list
http://www.math.leidenuniv.nl/mailman/listinfo/bridge