From mboxrd@z Thu Jan 1 00:00:00 1970 From: Eric Leblond Subject: Re: Make packets go through when NFQUEUE app crashed Date: Thu, 14 Feb 2013 08:10:46 +0100 Message-ID: <1360825846.11976.2.camel@tiger2> References: Mime-Version: 1.0 Content-Transfer-Encoding: QUOTED-PRINTABLE Return-path: In-Reply-To: Sender: netfilter-owner@vger.kernel.org List-ID: Content-Type: text/plain; charset="iso-8859-1" To: Aaron Lewis Cc: netfilter mailing list Hi, On Thu, 2013-02-14 at 11:04 +0800, Aaron Lewis wrote: > Hi Eric, >=20 > --queue-bypass wasn't a standard feature I guess? >=20 > Is there a patch available? I'm running iptables v1.4.12 the NFQUEUE target option --queue-bypass is standard since kernel 2.6.39. Iptables has this since v1.4.11. BR, >=20 > On Wed, Feb 13, 2013 at 8:23 PM, Eric Leblond wrote: > > Hello > > > > Can you read the paragraph about queue-bypass in the article I poin= t you to and tell me if it seems clear enough ;) > > > > BR > > > > Aaron Lewis a =C3=A9crit : > > > >>Hi, > >> > >>I found that If the app that handles NFQUEUE crashed, > >>all packets goes through that queue got stuck. > >> > >>Is there a way to prevent that from happening? > >>I prefer to let ACCEPT all packets instead of blocking them, possib= le? > >> > >>iptables -I INPUT -p icmp -j NFQUEUE --queue-num 0 > >># If no app handles that queue, no packets could go through > >> > >>-- > >>Best Regards, > >>Aaron Lewis - PGP: 0xDFE6C29E ( http://pgp.mit.edu/ ) > >>Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E > >>-- > >>To unsubscribe from this list: send the line "unsubscribe netfilter= " in > >>the body of a message to majordomo@vger.kernel.org > >>More majordomo info at http://vger.kernel.org/majordomo-info.html >=20 >=20 >=20 --=20 Eric Leblond Blog: https://home.regit.org/