Use mangle to DROP/ACCEPT

Use mangle to DROP/ACCEPT

[Srinivas Murthy]

Hi,
 Is it ok to use the "mangle" table to insert rules that can
DROP/ACCEPT pkts in the PREROUTE chain?

 I cannot use "filter" since that is registered in the INPUT chain and
I want these rules in the PREROUTE chain.

Thanks.

Re: Use mangle to DROP/ACCEPT

[Matt Zagrabelny]

[-- Attachment #1: Type: text/plain, Size: 632 bytes --]


On Fri, 2007-11-02 at 11:54 -0700, Srinivas Murthy wrote:
> Hi,
>  Is it ok to use the "mangle" table to insert rules that can
> DROP/ACCEPT pkts in the PREROUTE chain?

You could mark the packets in the mangle table and then DROP/ACCEPT
based on the markings in the filter table.

[...]

-- 
Matt Zagrabelny - mzagrabe@d.umn.edu - (218) 726 8844
University of Minnesota Duluth
Information Technology Systems & Services
PGP key 1024D/84E22DA2 2005-11-07
Fingerprint: 78F9 18B3 EF58 56F5 FC85  C5CA 53E7 887F 84E2 2DA2

He is not a fool who gives up what he cannot keep to gain what he cannot
lose.
-Jim Elliot

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: Use mangle to DROP/ACCEPT

[Martijn Lievaart]

Srinivas Murthy wrote:
> Hi,
>  Is it ok to use the "mangle" table to insert rules that can
> DROP/ACCEPT pkts in the PREROUTE chain?
>
>  I cannot use "filter" since that is registered in the INPUT chain and
> I want these rules in the PREROUTE chain.
>   

There was a recent thread about this on the netfilter-devel list. Yes 
it's OK to drop in mangle, but not all matches work in mangle.

HTH,
M4