* iptables & ebtables
@ 2005-10-14  4:07 bend chen
  2005-10-14 13:53 ` Jörg Harmuth
  0 siblings, 1 reply; 5+ messages in thread
From: bend chen @ 2005-10-14  4:07 UTC (permalink / raw)
  To: netfilter

Hi, netfilter-user


I have some questions, please help me.
1\ If I used ebtables process a package, but need iptables can't process THIS package, how can I do?
2\ Can I use iptables drop some LENGTH package, can I match: if the package > 128K then DROP?

Thanks for your help



* Re: iptables & ebtables
  2005-10-14  4:07 iptables & ebtables bend chen
@ 2005-10-14 13:53 ` Jörg Harmuth
  2005-10-14 18:14   ` Henrik Nordstrom
  0 siblings, 1 reply; 5+ messages in thread
From: Jörg Harmuth @ 2005-10-14 13:53 UTC (permalink / raw)
  To: netfilter

bend chen wrote:
> Hi, netfilter-user
> 
> 
> I have some questions, please help me.
> 1\ If I used ebtables process a package, but need iptables can't process THIS package, how can I do?

Sorry, I can't parse this sentence

> 2\ Can I use iptables drop some LENGTH package, can I match: if the package > 128K then DROP?

Yes. Use the length match, e.g.

iptables -A INPUT -p tcp -m length --length 1501: -j DROP

will send all tcp-packets with more than 1500 bytes to nirvana. BTW, 
neither tcp (1500 bytes max) nor udp (65 KBytes max) will ever generate 
packets of the size you mentioned above. ICMP packets are even smaller - 
I don't recall max size at the moment.

HTH,

Joerg






* Re: iptables & ebtables
  2005-10-14 13:53 ` Jörg Harmuth
@ 2005-10-14 18:14   ` Henrik Nordstrom
  0 siblings, 0 replies; 5+ messages in thread
From: Henrik Nordstrom @ 2005-10-14 18:14 UTC (permalink / raw)
  To: Jörg Harmuth; +Cc: netfilter

On Fri, 14 Oct 2005, Jörg Harmuth wrote:

> will send all tcp-packets with more than 1500 bytes to nirvana. BTW, neither 
> tcp (1500 bytes max) nor udp (65 KBytes max) will ever generate packets of 
> the size you mentioned above. ICMP packets are even smaller - I don't recall 
> max size at the moment.

Both TCP and UDP are limited by the max IP packet size, approx 65KB for 
IPv4.

TCP normally generates small packets <1500, but if you disable Path-MTU 
discovery larger packets may be seen, just as can be seen with UDP.

Regards
Henrik



* Re: iptables & ebtables
@ 2005-10-15  8:28 bend chen
  2005-10-16 17:38 ` Henrik Nordstrom
  0 siblings, 1 reply; 5+ messages in thread
From: bend chen @ 2005-10-15  8:28 UTC (permalink / raw)
  To: netfilter

Hi, netfilter,


Thanks for the help, Joerg.

I wrote:
   If I used ebtables process a package, but need iptables can't process THIS package, how can I do?

This means:
  if I use ebtables (http://ebtables.sourceforge.net) manage a package (like a ftp-package), for example: set-mark.
For this package (ftp-package), not need iptables manage this package, how do I do?



* Re: iptables & ebtables
  2005-10-15  8:28 bend chen
@ 2005-10-16 17:38 ` Henrik Nordstrom
  0 siblings, 0 replies; 5+ messages in thread
From: Henrik Nordstrom @ 2005-10-16 17:38 UTC (permalink / raw)
  To: bend chen; +Cc: netfilter

On Sat, 15 Oct 2005, bend chen wrote:

> If I used ebtables process a package, but need iptables can't process THIS package, how can I do?

What kind of packet is it?

If you have set a mark in ebtables then you can look for this mark in 
iptables using the mark match.

Regards
Henrik
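
Added example, not part of the thread or of any poster's message: a sketch of the mark hand-off described in the reply above, generating one ebtables rule that marks bridged FTP control frames and the iptables rules that accept anything carrying that mark. The mark value 0x1, port 21, the chain list and the function names are assumptions made for illustration, and bridged traffic is assumed to be passed to iptables by bridge-netfilter.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed values: mark 0x1,
# FTP control port 21, and the list of iptables chains in CHAINS.
MARK=${MARK:-0x1}
CHAINS=${CHAINS:-"mangle:PREROUTING filter:FORWARD"}

# Accept only a hex (0x..) or decimal mark so nothing else reaches a rule.
valid_mark() {
    case $1 in
        0[xX] | 0[xX]*[!0-9a-fA-F]*) return 1 ;;
        0[xX]*) return 0 ;;
        '' | *[!0-9]*) return 1 ;;
    esac
    return 0
}

# ebtables side: mark bridged FTP control frames in nat PREROUTING, which is
# traversed before the iptables hooks; CONTINUE keeps evaluating later rules.
ebt_mark_rule() {
    valid_mark "$1" || return 1
    echo "ebtables -t nat -A PREROUTING -p IPv4 --ip-proto tcp --ip-dport 21 -j mark --mark-set $1 --mark-target CONTINUE"
}

# iptables side: ACCEPT only ends the chain it is in, so insert the mark
# match as rule 1 of every table:chain that should leave these packets alone.
ipt_skip_rules() {
    valid_mark "$1" || return 1
    for tc in $2; do
        echo "iptables -t ${tc%%:*} -I ${tc#*:} 1 -m mark --mark $1 -j ACCEPT"
    done
}

# Print the rule set; run with APPLY=1 as root on the bridge host to load it.
rules() { ebt_mark_rule "$MARK" && ipt_skip_rules "$MARK" "$CHAINS"; }

if [ "${APPLY:-0}" = 1 ]; then rules | sh -e; else rules; fi
```

By default the script only prints the commands so they can be reviewed before loading.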


