xt_TRACE is a useful target to allow one to annotate (mark) packets for logging as they bounce amongst the iptables rulesets.
While rarely used in production, it is useful in manually debugging iptables (either adding custom rules by hand, or making extensions to the firewall). Signed-off-by: Philip Prindeville <[email protected]>
Index: include/netfilter.mk =================================================================== --- include/netfilter.mk (revision 26460) +++ include/netfilter.mk (working copy) @@ -42,6 +42,7 @@ $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_COMMENT, $(P_XT)xt_comment)) $(eval $(call nf_add,IPT_CORE,CONFIG_IP_NF_TARGET_LOG, $(P_V4)ipt_LOG)) +$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_TRACE, $(P_XT)xt_TRACE)) $(eval $(call nf_add,IPT_CORE,CONFIG_IP_NF_TARGET_TCPMSS, $(P_V4)ipt_TCPMSS)) $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_TCPMSS, $(P_XT)xt_TCPMSS)) $(eval $(call nf_add,IPT_CORE,CONFIG_IP_NF_TARGET_REJECT, $(P_V4)ipt_REJECT)) Index: package/kernel/modules/netfilter.mk =================================================================== --- package/kernel/modules/netfilter.mk (revision 26460) +++ package/kernel/modules/netfilter.mk (working copy) @@ -29,6 +29,7 @@ - LOG - mac - multiport + - TRACE - REJECT - TCPMSS endef
_______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
