On Saturday 15 November 2003 8:07 am, Pavel V. Yanchenko wrote:
> Hello.
>
> As far as I understand, rules in PRE- and POSTROUTING chains are
> cached? Because when I delete a rule with SNAT target for ip
> 192.168.10.10 this address's packets are still SNATed for several
> minutes. The same thing happens for rules in PREROUTING chains.
> Is it possible to disable this feature? Maybe there is some file in
> /proc where cached rules are listed?

No, there is no caching of rules in netfilter; however, packets which are part of an ESTABLISHED connection will continue to be processed without reference to the rules in PRE/POSTROUTING because of the connection tracking table entry - only the first packets of connections ever go through the explicit rules in these tables - all following packets are automagically processed behind the scenes.

This is the effect you are seeing, I'm sure.

Antony.

--
Christianity tells you to work hard today for little or no reward, and tomorrow you will die and awake in paradise. Marxism says work hard today for little or no reward; tomorrow you will die and your children will awake in paradise.
- Len Deighton, Billion Dollar Brain

Please reply to the list; please don't CC me.
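The behaviour Antony describes, as an added toy model (not netfilter code and not part of the original thread): a POSTROUTING SNAT chain in front of a conntrack table. The nat chain is consulted only for a flow's first packet; the mapping it picks is stored in the conntrack entry, and every later packet of that flow is rewritten from the entry, so deleting the rule has no effect on existing flows until their entries are removed or idle out. The addresses, the 600-second idle timeout and the NatBox/flush_conntrack names are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# A flow is keyed by its original (pre-NAT) tuple, as conntrack does.
FlowKey = Tuple[str, str, int, str, int]  # (proto, src, sport, dst, dport)


@dataclass
class SnatRule:
    match_src: str   # source address the rule matches (no CIDR in this toy)
    to_src: str      # address the source is rewritten to


@dataclass
class ConntrackEntry:
    nat_src: Optional[str]  # SNAT decision taken on the first packet; None = no NAT
    last_seen: float
    packets: int = 0


class NatBox:
    """Toy model: POSTROUTING SNAT rules plus a conntrack table (assumed design)."""

    TIMEOUT = 600.0  # assumed idle timeout; real conntrack timeouts vary by protocol/state

    def __init__(self) -> None:
        self.postrouting: List[SnatRule] = []
        self.conntrack: Dict[FlowKey, ConntrackEntry] = {}

    def add_snat(self, match_src: str, to_src: str) -> None:
        self.postrouting.append(SnatRule(match_src, to_src))

    def delete_snat(self, match_src: str) -> None:
        self.postrouting = [r for r in self.postrouting if r.match_src != match_src]

    def _lookup_rule(self, src: str) -> Optional[str]:
        # First matching rule wins, as in an iptables chain.
        for rule in self.postrouting:
            if rule.match_src == src:
                return rule.to_src
        return None

    def forward(self, pkt: dict, now: float) -> dict:
        """Return the packet as it leaves the box, with SNAT applied where appropriate."""
        key: FlowKey = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        entry = self.conntrack.get(key)
        if entry is not None and now - entry.last_seen > self.TIMEOUT:
            del self.conntrack[key]  # idle entry timed out
            entry = None
        if entry is None:
            # NEW connection: the only time the nat chain is consulted.
            entry = ConntrackEntry(nat_src=self._lookup_rule(pkt["src"]), last_seen=now)
            self.conntrack[key] = entry
        # ESTABLISHED: translate from the entry, never from the rules.
        entry.last_seen = now
        entry.packets += 1
        out = dict(pkt)
        if entry.nat_src is not None:
            out["src"] = entry.nat_src
        return out

    def flush_conntrack(self, src: Optional[str] = None) -> int:
        """Drop entries whose original source is `src` (all entries if None); return the count."""
        victims = [k for k in self.conntrack if src is None or k[1] == src]
        for k in victims:
            del self.conntrack[k]
        return len(victims)


# Constructed addresses and flows for the demonstration.
FLOW = {"proto": "tcp", "src": "192.168.10.10", "sport": 40000,
        "dst": "198.51.100.5", "dport": 80}


def demo() -> List[str]:
    """Source address seen on the wire at each step after the rule is deleted."""
    box = NatBox()
    box.add_snat("192.168.10.10", "203.0.113.1")
    seen = [box.forward(FLOW, now=0.0)["src"]]             # rule applies: 203.0.113.1
    box.delete_snat("192.168.10.10")
    seen.append(box.forward(FLOW, now=10.0)["src"])        # still 203.0.113.1, from conntrack
    seen.append(box.forward(dict(FLOW, sport=40001), now=10.0)["src"])  # new flow: no NAT
    box.flush_conntrack("192.168.10.10")
    seen.append(box.forward(FLOW, now=20.0)["src"])        # entry gone, no rule: no NAT
    return seen


def expiry_demo() -> List[str]:
    """Without a flush, the stale mapping persists until the entry idles out."""
    box = NatBox()
    box.add_snat("192.168.10.10", "203.0.113.1")
    a = box.forward(FLOW, now=0.0)["src"]
    box.delete_snat("192.168.10.10")
    b = box.forward(FLOW, now=300.0)["src"]                       # refreshed, still SNATed
    c = box.forward(FLOW, now=300.0 + NatBox.TIMEOUT + 1)["src"]  # expired: no NAT
    return [a, b, c]
```

The practical consequence for the question in the thread: the "several minutes" is the conntrack entry's idle timeout, not a rule cache. The table itself is what /proc exposes (/proc/net/ip_conntrack on kernels of that era, /proc/net/nf_conntrack on later ones). If you want a deleted SNAT rule to stop applying immediately, delete the affected entries rather than waiting, for example with conntrack-tools on current kernels: conntrack -D -s 192.168.10.10.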