On Thu, Aug 29, 2013 at 12:18:46PM +0200, Jesper Dangaard Brouer wrote: > Packets reaching SYNPROXY were default dropped, as they were most > likely invalid (given the recommended state matching). This > patch, changes SYNPROXY target to let packets, not consumed, > continue being processed by the stack. > > This will be more in line other target modules. As it will allow > more flexible configurations of handling, logging or matching on > packets in INVALID states. > > Signed-off-by: Jesper Dangaard Brouer <brouer@xxxxxxxxxx> Acked-by: Patrick McHardy <kaber@xxxxxxxxx> > --- > comments: > - This patch depend applying the TCP flags fix patch send earlier > - This replaces my patch: "netfilter: Extend SYNPROXY with a --continue option" -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
