On Mon, 4 Mar 2002, Maciej Soltysiak wrote:

> after some discussion on the list on using unclean match I come to the
> notion that this match would be great if it had some options to match.
[...]
> If the packet matched by UNCLEAN match has invalid checksum it should be
> replied with icmp parameter problem, not with icmp dest unreachables.

Currently the REJECT target cannot generate icmp parameter problem
packets.

> What I recommend (request/plead) is for this to be possible.
> # iptables -A INPUT -p tcp -m unclean --unclean tcp-flags -j REJECT \
>   --reject-with tcp-reset
>
> # iptables -A INPUT -m unclean --unclean hd-cksum ...
> # iptables -A INPUT -m unclean --unclean something else ...
> What do you think?

It could be implemented fairly easily. One should only keep in mind that
for backward compatibility reasons unclean matching without any flags
should match all unclean packets.

Regards,
Jozsef
-
E-mail  : [EMAIL PROTECTED], [EMAIL PROTECTED]
WWW-Home: http://www.kfki.hu/~kadlec
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
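
The flag semantics discussed in this thread, as an added example that is not part of the original messages and is not netfilter code: a user-space sketch in which a packet is classified by reason and a flagless match still matches every unclean packet. The UNCLEAN_* names, their bit values and the simplified checks are assumptions made for illustration.

```c
/* Added illustration, not netfilter source. Flag names and bit values are hypothetical. */
#include <stddef.h>
#include <stdint.h>

#define UNCLEAN_TCP_FLAGS 0x1u /* nonsensical TCP flag combination */
#define UNCLEAN_HD_CKSUM  0x2u /* IPv4 header checksum does not verify */
#define UNCLEAN_OTHER     0x4u /* the post's "something else": here, a malformed header */
#define UNCLEAN_ALL       0x7u

/* Constructed sample: 192.0.2.1 -> 192.0.2.2, TCP SYN, valid IPv4 header checksum. */
const uint8_t sample_syn[40] = {
    0x45,0x00,0x00,0x28, 0x00,0x00,0x40,0x00, 0x40,0x06,0xb6,0xcc,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02,
    0x04,0x00,0x00,0x50, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x02,0x20,0x00, 0x00,0x00,0x00,0x00 };

/* RFC 1071: the one's-complement sum over a valid header folds to 0xffff. */
static int hd_cksum_ok(const uint8_t *p, size_t ihl)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < ihl; i += 2)
        sum += ((uint32_t)p[i] << 8) | p[i + 1];
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return sum == 0xffff;
}

/* Returns the set of reasons a packet is unclean (0 = clean). Simplified checks. */
unsigned unclean_classify(const uint8_t *p, size_t len)
{
    unsigned why = 0;
    if (len < 20 || (p[0] >> 4) != 4) return UNCLEAN_OTHER;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len) return UNCLEAN_OTHER;
    if (!hd_cksum_ok(p, ihl)) why |= UNCLEAN_HD_CKSUM;
    int first_frag = ((p[6] & 0x1f) | p[7]) == 0;  /* TCP header only in fragment 0 */
    if (p[9] == 6 && first_frag && len >= ihl + 14) {
        uint8_t f = p[ihl + 13] & 0x3f;            /* FIN SYN RST PSH ACK URG */
        if (f == 0 || ((f & 0x02) && (f & 0x05)))  /* no flags, SYN+FIN, SYN+RST */
            why |= UNCLEAN_TCP_FLAGS;
    }
    return why;
}

/* wanted == 0 is the old flagless "-m unclean": match any unclean packet. */
int unclean_match(const uint8_t *p, size_t len, unsigned wanted)
{
    return (unclean_classify(p, len) & (wanted ? wanted : UNCLEAN_ALL)) != 0;
}
int main(void) { return unclean_match(sample_syn, sizeof sample_syn, 0); } /* clean: exits 0 */
```

Returning the reason set from the classifier is what would let a rule set pair each reason with its own target, as the quoted rules propose.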