Jan Engelhardt wrote:
> Since Xtables is now reentrant/nestable, the cloned packet can also go
> through Xtables and be subject to rules itself.

That sounds dangerous if conntrack isn't used to prevent loops.
Is that really useful? For filtering, you can simply apply the
rules before deciding to TEE the packet.