Hi, On k, jún 16, 2009 at 07:09:42 +1000, Philip Craig wrote: > The TPROXY target returns NF_ACCEPT rather than XT_CONTINUE. > Is there a reason for this, or is it left over from when > there was a tproxy table? I can place the tproxy rules last > if needed, but this behaviour was unexpected. It has more to do with the REDIRECT-like functionality of the target. TPROXY 'redirection' is tricky, since it does not actually touch the skb but the packet ends up in a local socket with a different address/port. > Also, does tproxy handle related ICMP packets too? The 'socket' match matches for related ICMP, so if you use TPROXY in conjuction with that, then yes, it does handle related ICMP. -- KOVACS Krisztian -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
