bend chen wrote:
HI,netfilter-user
I have some question,pleas help me.
1\if I used ebtables process a package,but need iptables can't process THIS package,how can I do?
Sorry, I can't parse this sentence
2\can i use iptables drop some LENGTH package, can I mach : if the package > 128K then DROP?
Yes. Use the length match, e.g.
iptables -A INPUT -p tcp -m length --length --length 1501: -j DROP
will send all tcp-packets with more than 1500 bytes to nirvana. BTW,
neither tcp (1500 bytes max) nor udp (65 KBytes max) will ever generate
packets of the size you mentioned above. ICMP packets are even smaller -
i don't recall max size at the moment.
HTH,
Joerg
