Jan Engelhardt wrote:
> On Friday 2008-06-06 17:02, Patrick McHardy wrote:
>>> I've tried that for a day, to no avail:
>>> ..
>>> My nat rules currently look like this:
>>> iptables -t nat -A PREROUTING -m state --state INVALID -j LOG
>>> iptables -t nat -A PREROUTING -m state --state INVALID -j DROP
>>
>> These rules need to go in mangle, that nat table is only
>> traversed for the first packet of a connection.
>
> These rules should go into filter, because that's what "filter"
> is for... filtering.

As you are well aware, there is no PREROUTING chain in filter.
So I'm guessing you're trying to pull me into a discussion
about that, in an irritating way.
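
A check for the misplacement discussed in this thread, as an added example that is not part of the original messages: it reads an `iptables-save` dump, finds rules in the nat table that match on state INVALID, and prints each one as the equivalent mangle-table command. The function names and the sample ruleset are constructed for illustration; `--ctstate` is included as an assumption that the ruleset may use the conntrack match instead of the state match.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from the thread).
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -m state --state INVALID -j LOG
-A PREROUTING -m state --state INVALID -j DROP
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -m conntrack --ctstate INVALID -j DROP
COMMIT
EOF
}

# Read an iptables-save dump on stdin. For every rule in a built-in nat chain
# that matches on state INVALID, print the same rule as a mangle-table command.
# Rules in user-defined nat chains are not reported (hypothetical helper).
suggest_mangle_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # a "*name" line starts a table
        table == "nat" && /^-A (PREROUTING|OUTPUT|POSTROUTING) / &&
        /(--state|--ctstate) ([A-Z]+,)*INVALID/ {
            print "iptables -t mangle " $0
        }
    '
}

# Number of misplaced rules, for use as a check in a deployment script.
count_misplaced() {
    suggest_mangle_rules | wc -l | tr -d ' '
}

# Demo on the constructed sample: prints the two nat rules rewritten for mangle.
sample_ruleset | suggest_mangle_rules
```

On a live system the input would come from `iptables-save`, which needs root.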