I looked at socket filtering, but it seems to only apply to RAW sockets? I thought netfilter would only work for a privileged process to update system-wide iptables. I guess technically that's userspace, but I'm looking for something that an unprivileged process can use. Cheers, Jeremy On Tue, 2007-11-20 at 10:27 -0500, Charlie Brady wrote: > On Mon, 19 Nov 2007, Jeremy Jackson wrote: > > > are easier, however the advocates of the one-socket-per-interface > > approach pointed out that if not all interfaces are desired, there is no > > way for userspace to return ICMP Port Unreachable. > > netfilter can. -- Jeremy Jackson Coplanar Networks (519)489-4903 - To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
