Hi, I tried this also but I don't have this prestate table at all. What version of iptables has it? I found a patch somewhere on the web but not in patch-o-matic for this.
Thanks,
Yogini

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jacek Konieczny
Sent: Tuesday, March 12, 2002 11:41 AM
To: [EMAIL PROTECTED]
Subject: Re: HELP! iptables -f flag does not drop fragments...

On Tue, Mar 12, 2002 at 11:15:55AM -0800, Yogini Parkhi wrote:
> Hi Jacek,
> Thanks for your help!
> I tried this and this is what iptables says:
>
> root@nmdev:~>iptables -t prestate -f -j NOTRACK
> iptables v1.2.5: no command specified
> Try `iptables -h' or 'iptables --help' for more information.

Ugh I forgot "-A PREROUTING" :-(

>
> I never saw the prestate table in iptables help anywhere??

From iptables man-page:

   NOTRACK
       This target extension is built into the prestate table extension.
       It can be used to mark packets, so that those are ignored by the
       underlying conntrack module and the nat table. In consequence,
       those packets are not seen by the conntrack/NAT helpers and the
       state of their related packets (if those are not marked by NOTRACK
       as well) are INVALID (!) instead of RELATED.

> What should I do to fix this?

try:

   iptables -t prestate -A PREROUTING -f -j NOTRACK

I still didn't try if it works, but this command is accepted by iptables.

Greets,
Jacek