On Fri, Apr 19, 2002 at 03:21:40PM +0200, Jozsef Kadlecsik wrote:
> On Wed, 17 Apr 2002, Harald Welte wrote:
>
> > No, I'm fine with that. However, we might also think about adding
> > debug output to the NAT code, since packet manipulations are done without
> > any rule matching (after the first packet has passed through).
> > So maybe there could be some macro used at several points in the NAT code.
> > The macro can be defined empty, if no debug table support is compiled in.
>
> Hm. Are you thinking of logging when, say, a conntrack/nat helper
> generates/detects an expectation?

That, too - but that wasn't what I'm thinking of. I'm more thinking of

'DST IP address changed from x to y'
'SRC Port changed from a to b'

at the time the NAT manipulations happen in PRE_ROUTING/POST_ROUTING.

> > Mh. 'first', 'before' ? I'm not good at naming... Is there a word
> > (which ideally also has some funny connotation) expressing the meaning of
> > 'before everything else' ? Any native English speakers?
>
> What about something neutral: 'select' table
>
> I.e. 'select' table for debugging packets, conntrack exemptions, early
> dropping of spoofed packets, unclean ones, DoS protection, etc.

Mh, let's name it 'select' until we have better ideas ;)

> Regards,
> Jozsef

--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+
V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)