bugzilla-daemon at netfilter.org
2013-Jun-22 08:05 UTC
[Bug 696] Extra tcp options for REJECT --reject-with tcp-reset-both / tcp-reset-destination
https://bugzilla.netfilter.org/show_bug.cgi?id=696

--- Comment #5 from Alessandro Vesely <vesely at tana.it> 2013-06-22 10:05:55 CEST ---
(In reply to comment #4)
>> The kernel manages the seq and ack_seq counters itself, so it doesn't have
>> to try
>
> ...for locally terminated connections, yes. But what about forwarded traffic?
> That is where the difficulty comes in. Netfilter would need to be able to
> manage both local sockets and forwarded traffic.

That sounds correct to me. I don't know why the man page for REJECT says:

    This target is only valid in the INPUT, FORWARD and OUTPUT chains

It could have excluded the FORWARD chain as well, if that could not be done
cleanly. Similar limitations are obvious for other modules, such as xt_owner.