Hi all packets hackers...
This is just to inform that the today CVS of netfilter is giving this
to me:
make patch-o-matic
Making dependencies: please wait...
Something wrong... deleting dependencies.
make: *** [/coisas/linux/include/linux/netfilter_ipv4/ipt_dcsp.h] Error1
This is over 2.4.18
On Monday 03 June 2002 17:58, Balazs Scheidler wrote:
> TODO:
> * when the socket is closed, the entry assigned to the socket
> should be deleted. Sadly the only solution is to patch the core to
> notify tproxy about this event, so the assigned entry can be
> deleted.
The standard conntrack code
On Monday 03 June 2002 12:03, Jozsef Kadlecsik wrote:
> Hi,
>
> On Sun, 2 Jun 2002, A. van Schie wrote:
> > I saw something strange that I think comes from ip_conntrack.
> >
> > I'm using conntrack-state to filter my packets.
> > A simple version of my rules look like this:
> > iptables -A OUTPU
Hi,
I've released my new release of the Linux transparent proxy patch. It is
available at:
http://www.balabit.hu/en/downloads/tproxy/
or
http://www.balabit.hu/downloads/tproxy/linux-2.4/cttproxy-2.4.18-02.tar.gz
It features:
* test programs for listening on/connecting from foreign addresses
> However there are so many sanity checkings in unclean that it's not so
> easy to design an intuitive and handy interface.
i will look into it, i have seen tons of checks, maybe it is possible to
divise a strategy.
> > 1. match ip unused and log or drop
> > 2. match some scans using --tcp-flags
Hi,
On Sun, 2 Jun 2002, A. van Schie wrote:
> I saw something strange that I think comes from ip_conntrack.
>
> I'm using conntrack-state to filter my packets.
> A simple version of my rules look like this:
> iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A OUT
Hi Chen,
> Now the IPv6 version of REJECT target doesn't support --reject-with
> tcp-reset, right?
> I have improved it to support tcp-reset.
> Are you interested in the improvement?
Harald wrote the REJECT6 target, and the IPv6 - somewhere - belongs to
me.
I saved Your patch, and I will check i