Linux Netfilter discussions
* iptables Qu2: how to specify !dst:port
From: Die Optimisten @ 2013-07-12 12:06 UTC
  To: netfilter

Hi again!

Do I get a loop if I
iptables -t nat -D PREROUTING  -p tcp -d 0.0.0.0:443  -j DNAT
--to-destination 127.0.0.1:443
(if my proxy would be at the same port 443) ?

thanks again,
Andrew

Mail: inform  <AT>              ## Newline just against mailfiltering-robots
    die-optimisten <DOT> net



* Re: iptables Qu2: how to specify !dst:port
From: Pascal Hambourg @ 2013-07-12 13:07 UTC
  To: netfilter

Die Optimisten wrote:
> 
> Do I get a loop if I
> iptables -t nat -D PREROUTING  -p tcp -d 0.0.0.0:443  -j DNAT
> --to-destination 127.0.0.1:443

No. By the way, this rule may not have the intended effect.
Packets received from the outside will be seen with a loopback
destination address and discarded by the routing decision.
Packets sent over loopback skip the nat PREROUTING chain.

> Can I generally generate (kernel-hanging) loops with -nat , or is this
> recognized/inhibited ?

Not directly in the kernel, because, as I wrote above, packets sent over
loopback skip the nat PREROUTING chain.
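
Added example, not part of the thread: a shell check that scans `iptables-save` output for the rule shape discussed above, a nat PREROUTING DNAT to a 127.0.0.0/8 address, which the reply says is discarded at the routing decision. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Audit an iptables-save dump for nat PREROUTING rules that DNAT to loopback.

# Constructed sample ruleset in iptables-save format (not from a real host).
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination 127.0.0.1:443
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp --dport 8443 -j DNAT --to-destination 192.0.2.10:443
-A OUTPUT -o lo -p tcp -m tcp --dport 443 -j DNAT --to-destination 127.0.0.1:8443
COMMIT
EOF
}

# Print every nat/PREROUTING rule whose DNAT target is in 127.0.0.0/8.
# Rules in other tables or chains (filter, nat OUTPUT) are ignored.
find_loopback_dnat() {
    awk '
        /^\*/     { table = substr($0, 2); next }   # "*nat" opens a table
        /^COMMIT/ { table = ""; next }              # COMMIT closes it
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            for (i = 3; i < NF; i++)
                if ($i == "--to-destination" && $(i + 1) ~ /^127\./) {
                    print
                    break
                }
        }
    '
}

# Return 1 when such a rule exists, so the check can gate a config review.
# REDIRECT is the usual target for handing inbound traffic to a local proxy.
audit_ruleset() {
    hits=$(find_loopback_dnat)
    [ -z "$hits" ] && return 0
    printf 'DNAT to loopback in nat PREROUTING:\n%s\n' "$hits" >&2
    return 1
}
```

On a live host, pipe the running ruleset in as root: `iptables-save | audit_ruleset`.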
