bugzilla-daemon@netfilter.org
2003-Apr-14 07:43 UTC
[Bug 77] a bug in the chain PREROUTING of the table nat
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=77

laforge@netfilter.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
        Severity|critical                    |trivial
          Status|NEW                         |RESOLVED
      Resolution|                            |INVALID
         Summary|a bug in the chain          |a bug in the chain
                |PREROUTING of the table nat |PREROUTING of the table nat

------- Additional Comments From laforge@netfilter.org  2003-04-14 09:43 -------
Please try to understand how netfilter works before filing a bug report.

The described behaviour is perfectly normal. The 'nat' table is traversed for every _first_ packet of a connection. You can delete all nat rules, but already-established connections will remain active (and NATed).

Due to the connectionless operation of UDP, we cannot tell UDP sessions apart if they use the same (srcip,srcport,dstip,dstport) tuple.

Apart from that, your -t nat -I PREROUTING -j DROP rule will also only consider the first packet of every connection.

It seems like you have some misunderstanding about the semantics.

-- 
You are receiving this mail because:
You are on the CC list for the bug, or are watching someone who is.
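The semantics laforge describes (nat table walked only for the first packet of a flow, the verdict then cached in the conntrack entry, and a DROP in nat/PREROUTING never seen by flows that are already tracked) are easy to get wrong when reading iptables rules alone. The following is an added toy model, not netfilter or bug-tracker code: it replays the reporter's sequence (DNAT rule, delete all nat rules, insert a DROP at the top of nat/PREROUTING) against a minimal in-memory conntrack. The IP addresses, ports and rule shapes are constructed for the example; reply direction, timeouts, SNAT and protocol helpers are deliberately left out.

```python
"""Toy model of nat/PREROUTING versus connection tracking (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]                    # (ip, port)
FlowKey = Tuple[str, str, int, str, int]      # (proto, src, sport, dst, dport)


@dataclass
class NatRule:
    """One rule in nat/PREROUTING, matching on the destination endpoint."""
    match_dst: Endpoint
    target: str                               # "DNAT" or "DROP"
    to: Optional[Endpoint] = None             # rewritten destination for DNAT


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def key(self) -> FlowKey:
        # Conntrack identifies a flow by this tuple only; two UDP "sessions"
        # reusing the same tuple are one connection as far as it is concerned.
        return (self.proto, self.src, self.sport, self.dst, self.dport)


@dataclass
class Netfilter:
    nat_prerouting: List[NatRule] = field(default_factory=list)
    conntrack: Dict[FlowKey, Tuple[str, Endpoint]] = field(default_factory=dict)

    def delete_nat_rules(self) -> None:
        """Model of `iptables -t nat -F PREROUTING`: rules go, entries stay."""
        self.nat_prerouting.clear()

    def flush_conntrack(self) -> None:
        """Model of `conntrack -F` (conntrack-tools): forget every tracked flow."""
        self.conntrack.clear()

    def prerouting(self, pkt: Packet) -> Optional[Endpoint]:
        """Return the destination pkt is delivered to, or None if dropped."""
        key = pkt.key()
        if key in self.conntrack:
            # Not the first packet: nat/PREROUTING is skipped entirely and the
            # cached mapping is applied, even if the rules have since been deleted.
            return self.conntrack[key][1]
        # First packet of a connection: walk nat/PREROUTING, first match wins.
        verdict: Tuple[str, Endpoint] = ("ACCEPT", (pkt.dst, pkt.dport))
        for rule in self.nat_prerouting:
            if rule.match_dst == (pkt.dst, pkt.dport):
                if rule.target == "DROP":
                    # A dropped packet never reaches the hook where the conntrack
                    # entry is confirmed, so nothing is remembered about the flow.
                    return None
                verdict = ("DNAT", rule.to)
                break
        self.conntrack[key] = verdict
        return verdict[1]


def scenario() -> Dict[str, Optional[Endpoint]]:
    """Replay the reporter's sequence and record where each packet ended up."""
    nf = Netfilter()
    nf.nat_prerouting.append(NatRule(("10.0.0.1", 80), "DNAT", ("192.168.1.10", 8080)))
    flow_a = Packet("udp", "203.0.113.5", 40000, "10.0.0.1", 80)   # constructed flows
    flow_b = Packet("udp", "203.0.113.6", 40001, "10.0.0.1", 80)
    flow_c = Packet("udp", "203.0.113.7", 40002, "10.0.0.1", 80)
    out: Dict[str, Optional[Endpoint]] = {}
    out["a_first"] = nf.prerouting(flow_a)             # DNATed, conntrack entry created
    nf.delete_nat_rules()
    out["a_after_delete"] = nf.prerouting(flow_a)      # still DNATed: entry wins
    out["b_after_delete"] = nf.prerouting(flow_b)      # new flow, no rule: untouched
    nf.nat_prerouting.insert(0, NatRule(("10.0.0.1", 80), "DROP"))
    out["a_after_drop_rule"] = nf.prerouting(flow_a)   # tracked: DROP never consulted
    out["c_after_drop_rule"] = nf.prerouting(flow_c)   # first packet: dropped
    nf.flush_conntrack()
    out["a_after_flush"] = nf.prerouting(flow_a)       # "first" again: now dropped
    return out


if __name__ == "__main__":
    for step, dest in scenario().items():
        print(f"{step:20s} -> {dest}")
```

The last two steps are the practical takeaway: removing or inserting nat rules changes nothing for flows that already have a conntrack entry, so on a real system the rule change has to be paired with a look at the table (`conntrack -L` from conntrack-tools on current kernels) and, if the old mappings must die, a flush or targeted delete of those entries. Putting a DROP in the nat table is the wrong place for packet filtering for the same reason; the filter table sees every packet.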