On Tue, 21 Nov 2006, Bob Beers wrote:
Let me try to restate my question: Is it a common problem that inserting a rule after a (UDP) stream is established does not match the rule, even though the exact same rule for the exact same stream does match, as long as it is inserted before the first packet of the stream arrives?
This is the way it is designed: PREROUTING rules in the nat table are only checked for packets that haven't already been assigned to a connection. If you want, you can use the conntrack tool to flush the connection states after you add a new rule.
Alexey
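
An added illustration of the behaviour described in the reply above (not part of the original thread, and not kernel code): a simplified Python model in which the nat PREROUTING rules are walked only for the packet that creates a connection-tracking entry. The Router and DnatRule classes, the addresses and the port are constructed for the example.

```python
# Simplified model (an assumption-laden sketch, not netfilter itself): nat rules
# are consulted only when a packet creates a new conntrack entry; every later
# packet of the same flow reuses the verdict stored in that entry.
from dataclasses import dataclass, field

@dataclass
class DnatRule:
    proto: str
    dport: int
    to_ip: str  # constructed redirect target

    def matches(self, flow):
        # flow = (proto, src_ip, src_port, dst_ip, dst_port)
        return flow[0] == self.proto and flow[4] == self.dport

@dataclass
class Router:
    prerouting: list = field(default_factory=list)  # nat PREROUTING rules
    conntrack: dict = field(default_factory=dict)   # flow -> DNAT target or None
    rule_lookups: int = 0                           # how often rules were walked

    def receive(self, flow):
        """Return the destination IP the packet ends up being delivered to."""
        if flow not in self.conntrack:
            # First packet of the flow: walk the rules once and cache the result.
            self.rule_lookups += 1
            target = next((r.to_ip for r in self.prerouting if r.matches(flow)), None)
            self.conntrack[flow] = target
        # Known flow: the stored mapping is applied, the rules are not re-read.
        return self.conntrack[flow] or flow[3]

    def flush(self, proto=None, dport=None):
        """Drop matching entries (all if unfiltered); returns how many were removed."""
        victims = [f for f in self.conntrack
                   if (proto is None or f[0] == proto)
                   and (dport is None or f[4] == dport)]
        for f in victims:
            del self.conntrack[f]
        return len(victims)

def demo():
    flow = ("udp", "10.0.0.5", 40000, "192.0.2.1", 5060)  # constructed sample flow
    r = Router()
    before = r.receive(flow)                  # stream established, no rule yet
    r.prerouting.append(DnatRule("udp", 5060, "10.0.0.99"))
    stale = r.receive(flow)                   # rule exists but is never consulted
    flushed = r.flush(proto="udp", dport=5060)
    after = r.receive(flow)                   # treated as a new flow, rule matches
    return before, stale, flushed, after, r.rule_lookups

if __name__ == "__main__":
    print(demo())
```

The same reasoning applies to removing a rule: flows that were already translated keep their stored mapping until their conntrack entries expire or are flushed.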