On Fri, Jul 05, 2002 at 12:01:21PM +0800, Fabrice MARIE wrote:
Hello Harald,
On Friday 05 July 2002 07:58, Harald Welte wrote:
[...]
yes. But then, how do we distinguish between terminating targets [where
we can have only one per rule] and non-terminating targets AKA actions,
where
Hi Harald,
On Fri, Jul 05, 2002 at 04:21:27PM +0200, Harald Welte wrote:
You could just add a boolean field 'terminating' to the iptables_target.
Then, make sure iptables abort and complains if it sees more than one
terminating target being requested in a single rule.
no, it's not
On Tue, 2 Jul 2002, Harald Welte wrote:
On Mon, Jul 01, 2002 at 09:50:18AM +0200, Balazs Scheidler wrote:
On Sat, Jun 29, 2002 at 12:36:36PM +0200, Henrik Nordstrom wrote:
On Saturday 29 June 2002 11.46, Patrick McHardy wrote:
So the question to the Netfilter core team is if it would be
For the record:
match module:
pro: no naming issue, current well known concepts can be kept
pro: couple of modules can be unified
con: ordering issue
I strongly prefer this solution, with the added requirement that order
issues should be defined clearly, and have a clear
On Wednesday 03 July 2002 14.41, Fabrice MARIE wrote:
I proposed the last one some time ago. A solution to the ordering
issue is to have two kind of targets:
1- terminal target (ie ACCEPT, DROP, REJECT, jump to chain, etc...)
2- non terminal target (ie TTL, MARK, IPV4OPTSSTRIP, etc...)
The
Hi.
Patrick Schaaf wrote:
After not receiving a response for two weeks second try:
Sorry. Here we go:
The attached patch adds a new option --terminate to the MARK target
which lets the user choose if MARK should return IPT_CONTINUE
(normal behaviour) or NF_ACCEPT (to terminate further rule
On Mon, Jul 01, 2002 at 09:50:18AM +0200, Balazs Scheidler wrote:
On Sat, Jun 29, 2002 at 12:36:36PM +0200, Henrik Nordstrom wrote:
On Saturday 29 June 2002 11.46, Patrick McHardy wrote:
So the question to the Netfilter core team is if it would be OK to add
a new option and module class
On Mon, Jul 01, 2002 at 11:47:09AM +0200, Jozsef Kadlecsik wrote:
On Sat, 29 Jun 2002, Henrik Nordstrom wrote:
[...]
I proposed adding a new class of iptables things between matches and
targets, being neither a match for filtering or a target that
determines the ultimate fate of the
Jozsef Kadlecsik wrote:
- rewrite the IPT_CONTINUE targets as matches
I am not very fond of this.. besides the order dependency it also has the
question on how to easily determine what will happen with the packet.. No
obvious distinction between something that matches packets and something
On Mon, 1 Jul 2002, Henrik Nordstrom wrote:
- rewrite the IPT_CONTINUE targets as matches
I am not very fond of this.. besides the order dependency it also has the
question on how to easily determine what will happen with the packet.. No
obvious distinction between something that matches
After not receiving a response for two weeks second try:
Sorry. Here we go:
The attached patch adds a new option --terminate to the MARK target
which lets the user choose if MARK should return IPT_CONTINUE
(normal behaviour) or NF_ACCEPT (to terminate further rule processing).
[...]
A
On Saturday 29 June 2002 11.46, Patrick McHardy wrote:
A CONNMARK patch will follow but currently CONNMARK doesn't apply
clean against 2.4.18/2.4.19-pre10 ..
Note: There is two versions of the CONNMARK patch. The one in extra
applies if you are using the new_nat patch, the one on old_nat if
12 matches
Mail list logo
