-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "Rob McMillen" <[EMAIL PROTECTED]> writes:
> Howdy, > I have a quick question. After reading the documentation regarding > ipq_ser_verdict(), I am under the assumption that if the verdict is DROP, > the packet is dropped immediately. However, if the verdict is ACCEPT, the > packet continues traversing the respective CHAIN rules. No, if you issue ACCEPT it is just accepted, like the ACCEPT target. The ipq_set_verdict(3) man page might have given you impression that it continues traversal of the rules, but it simply continues traversal through the kernel. > $IPT -A FORWARD -i $INET_IFACE -j LOG --log-prefix "Sending to QUEUE" > $IPT -A FORWARD -i $INET_IFACE -j QUEUE > $IPT -A FORWARD -i $INET_IFACE -j LOG --log-prefix "Back from QUEUE" > > I see everything I am supposed to see prior to the QUEUE. From the > program listening on the QUEUE, I am simply setting the verdict to ACCEPT (I > also know it's working because the packets get through). I've noticed the > QUEUE hangs if nothing is listening. Is this default behavior? If nothing > is listening to the QUEUE, shouldn't it simply return? If there is no userspace listener then QUEUE will drop the traffic as described in libipq(3). -----BEGIN PGP SIGNATURE----- Comment: Keeping the world safe for geeks. iD8DBQE8M6mgwBVKl/Nci0oRAgcnAJ43TU8G7oG5uZ5PryWicWGCr1js2wCgx5MB 06s1fqpC6AYcUtxY+NQnb5U= =QqMM -----END PGP SIGNATURE----- _______________________________________________ Bridge mailing list [EMAIL PROTECTED] http://www.math.leidenuniv.nl/mailman/listinfo/bridge
