On Thu, Apr 25, 2002 at 10:41:52AM -0700, Don Cohen wrote:
My impression (please correct me if I'm wrong) is that pre is supposed
to catch packets coming into the box and post is supposed to catch
those going out.
I believe postrouting currently happens before a packet is queued for
Dear all,
I wrote a little program; it links with iptables.c and invokes the do_command
function, but when it calls do_command(iptables -D .) thousands of
times, system memory gets eaten up. Has anyone found a memory leak in iptables.c?
Best regards,
lee
Guillaume Lécroart wrote:
Then I thought of using policy routing to forward the ip packets directed
to tcp port 21 to the proxy box WITHOUT MODIFYING the DST IP address. Could
be funny and tricky, but I would need a way to do the same for the data
connections. Oh, of course, I could use a -m
Hi all again,
Another one of those suggestions. I hope it's not redundant as my previous
suggestions, if so, ignore this :-).
Would it be possible to make netfilter read/write state changes via some netlink-like
sockets, just like the queue target does? Would this mean a huge amount of
On Fri, Apr 26, 2002 at 09:52:46AM -0700, Don Cohen wrote:
Harald Welte writes:
the counter argument is that the queue is part of the lower-layer drivers
and not part of the IPv4 stack. netfilter hooks are always restricted
to one protocol stack - there's separate hooks for ipv4,
Harald Welte writes:
On Fri, Apr 26, 2002 at 09:52:46AM -0700, Don Cohen wrote:
Harald Welte writes:
So you want to have a big case statement _after_ enqueuing of the packet
happens [ i.e. in the network TX softirq], calling NF_HOOK for the
respective protocol family?
Actually, after