Linux Netfilter discussions
* Make packets go through when NFQUEUE app crashed
@ 2013-02-13 11:24 Aaron Lewis
From: Aaron Lewis @ 2013-02-13 11:24 UTC (permalink / raw)
  To: netfilter mailing list

Hi,

I found that if the app that handles NFQUEUE crashes,
all packets that go through that queue get stuck.

Is there a way to prevent that from happening?
I'd prefer to ACCEPT all packets instead of blocking them. Is that possible?

iptables -I INPUT -p icmp -j NFQUEUE --queue-num 0
# If no app handles that queue, no packets could go through

-- 
Best Regards,
Aaron Lewis - PGP: 0xDFE6C29E ( http://pgp.mit.edu/ )
Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E


* Re: Make packets go through when NFQUEUE app crashed
@ 2013-02-13 12:23 Eric Leblond
From: Eric Leblond @ 2013-02-13 12:23 UTC (permalink / raw)
  To: Aaron Lewis; +Cc: netfilter mailing list

Hello

Can you read the paragraph about queue-bypass in the article I point you to and tell me if it seems clear enough ;)

BR


* Re: Make packets go through when NFQUEUE app crashed
@ 2013-02-14  3:04 ` Aaron Lewis
From: Aaron Lewis @ 2013-02-14  3:04 UTC (permalink / raw)
  To: Eric Leblond; +Cc: netfilter mailing list

Hi Eric,

--queue-bypass wasn't a standard feature I guess?

Is there a patch available? I'm running iptables v1.4.12

-- 
Best Regards,
Aaron Lewis - PGP: 0xDFE6C29E ( http://keyserver.veridis.com )
Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E


* Re: Make packets go through when NFQUEUE app crashed
@ 2013-02-14  7:10   ` Eric Leblond
From: Eric Leblond @ 2013-02-14  7:10 UTC (permalink / raw)
  To: Aaron Lewis; +Cc: netfilter mailing list

Hi,

On Thu, 2013-02-14 at 11:04 +0800, Aaron Lewis wrote:
> Hi Eric,
> 
> --queue-bypass wasn't a standard feature I guess?
> 
> Is there a patch available? I'm running iptables v1.4.12

The NFQUEUE target option --queue-bypass has been standard since kernel
2.6.39. iptables has had it since v1.4.11.

BR,

-- 
Eric Leblond <eric@regit.org>
Blog: https://home.regit.org/
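
As an added example (not part of Eric's message or of the original thread): a shell helper that checks the kernel and iptables versions against the minimums stated above and emits the rule from the first message with --queue-bypass. The function names and the sample version strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Minimum versions are the ones quoted
# above: kernel 2.6.39 and iptables v1.4.11. All sample inputs are constructed.

# version_ge A B: succeed when dotted version A >= B, comparing numeric fields.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # Drop suffixes such as "-4-amd64" or "rc1"; a missing field counts as 0.
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# parse_ipt_version "iptables v1.4.12" prints "1.4.12".
parse_ipt_version() {
    v=${1#* v}
    printf '%s\n' "${v%% *}"
}

# bypass_supported KERNEL IPTABLES: both components must meet the minimums.
bypass_supported() {
    version_ge "$1" 2.6.39 && version_ge "$2" 1.4.11
}

# nfqueue_rule KERNEL IPTABLES: print the thread's rule with --queue-bypass,
# or refuse (status 1) so a fail-closed rule is never installed by accident.
nfqueue_rule() {
    if bypass_supported "$1" "$2"; then
        echo "iptables -I INPUT -p icmp -j NFQUEUE --queue-num 0 --queue-bypass"
    else
        echo "queue-bypass unsupported: kernel $1, iptables $2" >&2
        return 1
    fi
}

# Constructed demo; on a real host pass "$(uname -r)" and
# "$(parse_ipt_version "$(iptables --version)")" instead.
nfqueue_rule "3.2.0-4-amd64" "$(parse_ipt_version 'iptables v1.4.12')"
```

With --queue-bypass the rule behaves like ACCEPT while no program is bound to the queue, so traffic passes uninspected during that window; monitor the handler process and alert when it exits.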



* [SOLVED] Re: Make packets go through when NFQUEUE app crashed
@ 2013-02-14  7:25     ` Aaron Lewis
From: Aaron Lewis @ 2013-02-14  7:25 UTC (permalink / raw)
  To: Eric Leblond; +Cc: netfilter mailing list

Hi Eric,

Thanks, I made a mistake, it's actually supported on my VM.

I'm gonna check the kernel / ipt version on other system now.


-- 
Best Regards,
Aaron Lewis - PGP: 0xDFE6C29E ( http://keyserver.veridis.com )
Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E
