On Tue, Jan 22, 2002 at 07:52:30PM -0500, Brad Spengler wrote:
I've just tried my hand at writing an iptables module. It's a match
module that matches SYNs sent to unserved TCP ports and datagrams sent
to unserved UDP ports. Since doing something like this is impossible
with regular
On Tue, Jul 09, 2002 at 10:21:36PM +0200, Marcus Sundberg wrote:
Hi,
The multiport match checks for the IPT_INV_PROTO flag in the 'flags'
member of struct ipt_ip instead of in the 'invflags' member.
thanks for this fix.
diff -ur linux.current/net/ipv4/netfilter/ipt_multiport.c
On Wednesday 10 July 2002 11.16, Harald Welte wrote:
On Wed, Jul 10, 2002 at 10:00:36AM +0200, Peter Kundrat wrote:
before rewriting dst addr/port), and there is no mangle hook in
POSTROUTING (which would help, since it would be before SNAT).
yes, there is. You must be using a relatively
On Wednesday 10 July 2002 09.10, alex wrote:
I've seen numerous references to perceived problems with default
timeouts and potential DoS attacks on ip_conntrack but I'm starting
to think it is possible for ip_conntrack just to miss connection
closures.
It can.. see the archives. Posted a