From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
To: Netfilter Development Mailinglist <netfilter-devel@vger.kernel.org>
Subject: Re: [netfilter-core] Mangle table rules are not taken into account in preliminary routing decision
Date: Mon, 15 Oct 2007 17:01:17 +0200
Message-ID: <471380BD.7020904@plouf.fr.eu.org>
In-Reply-To: <4713751D.6080309@oktetlabs.ru>

Konstantin Ushakov wrote:
>>
>>What about the REJECT target ?
>
> Correct me if I'm mistaken, but REJECT target is only valid in filter
> table.

Correct.

> But the packet does not reach filter table because of reasons
> described by Patrick (as we DROP it after mangle).

I meant to use the REJECT target /instead of/ an "unreachable" routing
rule.

Remove

ip rule add from all fwmark 0xb lookup 99 unreachable prio 40000

And add

iptables -t filter -A OUTPUT -m mark --mark 0xb \
         -j REJECT --reject-with icmp-net-unreachable