Hi Alin,

On Tue, Mar 07, 2017 at 11:00:43AM +0100, Alin Nastac wrote:
> Extract IPv6 packet that triggered the sending of redirect message from
> ICMPv6 Redirected Header option and check if conntrack table contains such
> connection. Mark redirect packet as RELATED if a matching connection is found.

I think we need a sysctl to enable this on demand, e.g.
'nf_conntrack_icmpv6_accept_redirects'

This is changing the default behaviour, my main concern here is that
filtering policies not accepting redirects will now make it via RELATED.
I would prefer the user explicitly requests this.

Let me know, thanks!
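
Added example, not code from the patch or from the kernel: a bounds-checked userspace sketch of the extraction step the quoted description names, walking the options of an ICMPv6 Redirect (RFC 4861, sections 4.5 and 4.6.3) to reach the Redirected Header option and read the embedded IPv6 header's addresses and next header. The names redirect_inner_flow, struct inner_flow and build_sample are hypothetical, the sample packet is constructed, and the conntrack lookup itself is not shown.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ND_REDIRECT           137 /* ICMPv6 type of a Redirect message */
#define ND_OPT_REDIRECTED_HDR 4   /* option type of the Redirected Header */
#define RD_FIXED_LEN          40  /* ICMPv6 hdr 4 + reserved 4 + target 16 + dest 16 */
#define IPV6_HDR_LEN          40

struct inner_flow { uint8_t src[16], dst[16], nexthdr; }; /* hypothetical lookup key */

/* Returns 0 and fills *out from the embedded packet, -1 if malformed or absent. */
int redirect_inner_flow(const uint8_t *msg, size_t len, struct inner_flow *out)
{
    if (len < RD_FIXED_LEN || msg[0] != ND_REDIRECT || msg[1] != 0)
        return -1;
    size_t off = RD_FIXED_LEN;
    while (len - off >= 2) {
        size_t optlen = (size_t)msg[off + 1] * 8;  /* length is in 8-octet units */
        if (optlen == 0 || optlen > len - off)     /* zero length would loop forever */
            return -1;
        if (msg[off] == ND_OPT_REDIRECTED_HDR) {
            const uint8_t *ip6 = msg + off + 8;    /* skip type, length, 6 reserved */
            if (optlen < 8 + IPV6_HDR_LEN || (ip6[0] >> 4) != 6)
                return -1;
            out->nexthdr = ip6[6];
            memcpy(out->src, ip6 + 8, 16);
            memcpy(out->dst, ip6 + 24, 16);
            return 0;
        }
        off += optlen;                             /* some other ND option: skip it */
    }
    return -1;
}

/* Constructed sample: a target link-layer option, then a Redirected Header
 * holding a bare IPv6 header for TCP from 2001:db8::1 to 2001:db8::2. */
size_t build_sample(uint8_t *buf)
{
    memset(buf, 0, 96);
    buf[0] = ND_REDIRECT;
    buf[40] = 2; buf[41] = 1;                      /* 8-byte link-layer option */
    buf[48] = ND_OPT_REDIRECTED_HDR; buf[49] = 6;  /* 6 * 8 = 48 bytes */
    buf[56] = 0x60; buf[62] = 6;                   /* version 6, next header TCP */
    memcpy(buf + 64, "\x20\x01\x0d\xb8", 4); buf[79] = 1;
    memcpy(buf + 80, "\x20\x01\x0d\xb8", 4); buf[95] = 2;
    return 96;
}

int main(void)
{
    uint8_t b[96]; struct inner_flow f;
    printf("%d\n", redirect_inner_flow(b, build_sample(b), &f) == 0 ? f.nexthdr : -1);
    return 0;
}
```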