Re: icmp messages to spoofed addressacceptedby -m conntrack --ctstate

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: Jim Laurino <nfcan.x.jimlaur@dfgh.net>
To: netfilter list <netfilter@lists.netfilter.org>
Subject: Re: icmp messages to spoofed addressacceptedby -m conntrack --ctstate
Date: Fri, 19 Mar 2004 19:25:12 -0500	[thread overview]
Message-ID: <20040320002512.GC3373@salty> (raw)

Hi,

Well, yes, but my question is not whether
someone is spoofing my ip, but whether
the iptables connection tracking code
should match the icmp packet if there
was no packet sent out.

Will someone explain whether the
match is the expected behavior of this rule,
or if this match is a misuse of the conntrack
module by me.

Or is this possibly a bug in connection tracking?

What is this icmp packet related to?
What established connection does it match?
Could this rule match other protocols?
Could this be a risk?

If it is a bug,
or if no one knows,
I will report it.

I am grateful for the effort that the developers
have put into creating and maintaining iptables,
and I am simply trying to do my part to help
with the maintainence.

By the way, Antony, thanks for the jokes.
I have been trying to recall that last one
for years. It never gets old, only I do.

Jim Laurino

next             reply	other threads:[~2004-03-20  0:25 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-03-20  0:25 Jim Laurino [this message]
2004-03-20 13:06 ` newbie question about kernel networking Saber zrelli

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20040320002512.GC3373@salty \
    --to=nfcan.x.jimlaur@dfgh.net \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox