* per j (perj8@hotmail.com) wrote:
> Have you had any luck fixing the --rttl bug? It's already been a couple
> weeks since the last post. I tried to go around this problem with no
> success. I don't want to put all my rules into one chain, the INPUT chain,
> to get it to work and prefer separate chains to make my firewall rules
> easier to maintain. Apparently --rttl doesn't work when --set is on a
> different chain on the filter table. That's the problem.

Ok, coming back to this issue, I'm pretty sure I have an idea as to what the problem is. It's pretty simple, really: the TTL is going to change somewhere while in the kernel, probably in the routing logic. This means that in PREROUTING the TTL is one thing, but in FORWARD (after being routed) it's been decremented by one.

The 'solution' to this problem would really be for the recent module to always go with the initial TTL and detect whether the routing logic has been called or not, to decide if it needs to increment the TTL to get back to the original TTL. Unfortunately, at the moment I'm not sure if that will be very easy or not, but I'll look around and see if I can't make this work.

Stephen
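The hook interaction Stephen describes, as an added example that is not part of the original message and not ipt_recent's source: a small C model of a recent table that stores the TTL at --set time in PREROUTING, a naive --rttl that compares against whatever TTL the packet carries at the checking hook, and the compensating --rttl he proposes, which adds the forwarding decrement back when routing has already run. The hook model, the table layout, the `routed` / `local_sock` packet fields and the 10.0.0.1 / TTL 64 values are assumptions constructed for the example; the condition used for the compensation (packet has been routed out and was not generated by a local socket) is the one the later xt_recent match uses for its ttl++.

```c
/* Added example (not ipt_recent's code): model of "recent --set" in
 * PREROUTING versus "recent --rttl" in FORWARD / INPUT, with the TTL
 * decrement that ip_forward() performs between PREROUTING and FORWARD.
 * Hook handling, table layout and packet fields are simplified assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal packet view: source, current TTL, and the two facts the
 * compensation relies on (has routing assigned an output device, and was
 * the packet generated by a local socket rather than forwarded). */
struct pkt {
    uint32_t saddr;
    uint8_t  ttl;
    int      routed;      /* routing decision made, output device assigned */
    int      local_sock;  /* generated by a socket on this host */
};

#define MAX_ENTRIES 16
struct entry { uint32_t saddr; uint8_t ttl; int used; };
static struct entry recent_table[MAX_ENTRIES];

static void recent_reset(void) { memset(recent_table, 0, sizeof recent_table); }

static struct entry *recent_lookup(uint32_t saddr)
{
    for (int i = 0; i < MAX_ENTRIES; i++)
        if (recent_table[i].used && recent_table[i].saddr == saddr)
            return &recent_table[i];
    return NULL;
}

/* --set: record the source address and the TTL as seen at this hook. */
static int recent_set(const struct pkt *p)
{
    struct entry *e = recent_lookup(p->saddr);
    if (!e) {
        for (int i = 0; i < MAX_ENTRIES; i++)
            if (!recent_table[i].used) { e = &recent_table[i]; break; }
        if (!e) return 0;                      /* table full */
        e->used = 1;
        e->saddr = p->saddr;
    }
    e->ttl = p->ttl;
    return 1;
}

/* --rttl as reported failing: compare the stored TTL with the TTL the
 * packet carries at whichever hook runs the check. */
static int recent_rttl_naive(const struct pkt *p)
{
    const struct entry *e = recent_lookup(p->saddr);
    return e != NULL && e->ttl == p->ttl;
}

/* --rttl with the proposed compensation: if routing has already run on a
 * forwarded packet, the TTL was decremented once, so add it back first. */
static int recent_rttl_fixed(const struct pkt *p)
{
    const struct entry *e = recent_lookup(p->saddr);
    uint8_t ttl = p->ttl;
    if (p->routed && !p->local_sock)
        ttl++;                                 /* TTL as seen before forwarding */
    return e != NULL && e->ttl == ttl;
}

/* What happens between PREROUTING and FORWARD on a router: routing picks an
 * output device and ip_forward() decrements the TTL. Returns 0 when the
 * packet is dropped instead (TTL exhausted) and never reaches FORWARD. */
static int route_to_forward(struct pkt *p)
{
    if (p->ttl <= 1) return 0;
    p->ttl--;
    p->routed = 1;
    return 1;
}

/* Record 10.0.0.1 at PREROUTING with TTL 64 (constructed values), then run
 * --rttl on a later packet from the same source arriving with wire TTL ttl2,
 * either forwarded (checked in FORWARD) or delivered locally (checked in
 * INPUT, where no decrement happens). Returns the chosen --rttl's verdict. */
int scenario(uint8_t ttl2, int forwarded, int use_fixed)
{
    struct pkt first  = { 0x0a000001u, 64,   0, 0 };
    struct pkt second = { 0x0a000001u, ttl2, 0, 0 };
    recent_reset();
    recent_set(&first);                        /* PREROUTING stores 64 */
    if (forwarded && !route_to_forward(&second))
        return 0;
    return use_fixed ? recent_rttl_fixed(&second) : recent_rttl_naive(&second);
}

int main(void)
{
    printf("set PREROUTING, rttl FORWARD, naive: %d\n", scenario(64, 1, 0));
    printf("set PREROUTING, rttl FORWARD, fixed: %d\n", scenario(64, 1, 1));
    printf("set PREROUTING, rttl INPUT,   naive: %d\n", scenario(64, 0, 0));
    printf("set PREROUTING, rttl INPUT,   fixed: %d\n", scenario(64, 0, 1));
    printf("different hop distance,       fixed: %d\n", scenario(58, 1, 1));
    return 0;
}
```

The first two lines of output are the bug and its fix: the naive check in FORWARD compares 63 against the stored 64 and fails, while the compensated check adds the decrement back and matches. The INPUT case shows why the reporter only got it working with everything in one chain: for locally delivered packets nothing decrements the TTL, so both variants agree. The last case shows the compensation does not weaken the check; a packet from the same source at a different hop distance still fails --rttl.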