From: Eric Leblond <eric@regit.org>
To: Aaron Lewis <the.warl0ck.1989@gmail.com>
Cc: netfilter mailing list <netfilter@vger.kernel.org>
Subject: Re: Make packets go through when NFQUEUE app crashed
Date: Thu, 14 Feb 2013 08:10:46 +0100 [thread overview]
Message-ID: <1360825846.11976.2.camel@tiger2> (raw)
In-Reply-To: <CAJZVxRmKM5Wg+8V3LoZd=p5C0nsCOW1eabK+G7eHsM5h5QoymQ@mail.gmail.com>
Hi,
On Thu, 2013-02-14 at 11:04 +0800, Aaron Lewis wrote:
> Hi Eric,
>
> --queue-bypass wasn't a standard feature I guess?
>
> Is there a patch available? I'm running iptables v1.4.12
the NFQUEUE target option --queue-bypass is standard since kernel
2.6.39. Iptables has this since v1.4.11.
BR,
>
> On Wed, Feb 13, 2013 at 8:23 PM, Eric Leblond <eric@regit.org> wrote:
> > Hello
> >
> > Can you read the paragraph about queue-bypass in the article I point you to and tell me if it seems clear enough ;)
> >
> > BR
> >
> > Aaron Lewis <the.warl0ck.1989@gmail.com> a écrit :
> >
> >>Hi,
> >>
> >>I found that If the app that handles NFQUEUE crashed,
> >>all packets goes through that queue got stuck.
> >>
> >>Is there a way to prevent that from happening?
> >>I prefer to let ACCEPT all packets instead of blocking them, possible?
> >>
> >>iptables -I INPUT -p icmp -j NFQUEUE --queue-num 0
> >># If no app handles that queue, no packets could go through
> >>
> >>--
> >>Best Regards,
> >>Aaron Lewis - PGP: 0xDFE6C29E ( http://pgp.mit.edu/ )
> >>Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E
> >>--
> >>To unsubscribe from this list: send the line "unsubscribe netfilter" in
> >>the body of a message to majordomo@vger.kernel.org
> >>More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>
>
--
Eric Leblond <eric@regit.org>
Blog: https://home.regit.org/
next prev parent reply other threads:[~2013-02-14 7:10 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-13 12:23 Make packets go through when NFQUEUE app crashed Eric Leblond
2013-02-14 3:04 ` Aaron Lewis
2013-02-14 7:10 ` Eric Leblond [this message]
2013-02-14 7:25 ` [SOLVED] " Aaron Lewis
-- strict thread matches above, loose matches on Subject: below --
2013-02-13 11:24 Aaron Lewis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1360825846.11976.2.camel@tiger2 \
--to=eric@regit.org \
--cc=netfilter@vger.kernel.org \
--cc=the.warl0ck.1989@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox