On Wed, Dec 05, 2018 at 12:59:43AM +0200, Pavel Melnik wrote:
> Hi
>
> > I'd just change NF_IP6_PRI_RAW to -450 and use ip6tables rules in raw
> > table.
>
> We will try, thanks
Have a look at:
commit 902d6a4c2a4f411582689e53fb101895ffe99028
Author: Subash Abhinov Kasiviswanathan
Date: Wed
Hi
I'd just change NF_IP6_PRI_RAW to -450 and use ip6tables rules in raw
table.
We will try, thanks
nft add table ip6 filter
nft add chain ...
and so on.
I have tried this, but no effect ..
Regards,
Pavel
Pavel Melnik wrote:
> We were asked to implement functionality to drop fragmented IPv6 packets,
> addressed to local interface, on device based 3.12 kernel
Urgh.
I'd just change NF_IP6_PRI_RAW to -450 and use ip6tables rules in raw
table.
> But we observed the 'same' issue if try to use
Hi
We were asked to implement functionality to drop fragmented IPv6
packets, addressed to local interface, on device based 3.12 kernel
As I understand it's not possible to do this by ip6tables rule in the
case when nf_conntrack is enabled, but it possible if use nftables
Could you please
