On Sat, 28 Feb 2009 02:53:10 +0100 (CET)
Jan Engelhardt <jengelh@xxxxxxxxxx> wrote:
>
> On Friday 2009-02-27 04:23, Stephen Hemminger wrote:
> >> >+static struct xt_match strict_mt_reg __read_mostly = {
> >> >+ .name = "strict",
> >> >+ .family = NFPROTO_IPV4,
> >> >+ .match = strict_mt,
> >> >+ .matchsize = 0,
> >> >+ .me = THIS_MODULE,
> >> >+};
> >>
> >> The match seems to make the most sense where an input device
> >> is available, so
> >>
> >> .hooks = (1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_IN) |
> >> (1 << NF_INET_FORWARD)
> >>
> >> should probably be added.
> >
> >Then routing wouldn't work...
>
I suppose it could be useful to to different chains for routed vs non-routed
packets on pre-routing chain, but on forward chain it wouldn't really
do anything useful.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
