All,
I'm a little confused whether the combination of conntrack/state with
QUEUE targets is supported.
I have a usermode app which processes packets via libNFQ which works
fine. Up to know we had a very simple setup like
-t mangle -A FORWARD -p tcp --dport 80 -j QUEUE
-t mangle -A FORWARD -p tcp --sport 80 -j QUEUE
This worked fine. Now however we have the requirement for more granular
"stateful" Rules. I though it should be possible to combine
state/conntrack with the QUEUE target ... but this doesn't seem to work.
-t mangle -A FORWARD -p tcp --dport 80 -m state --state NEW,ESTABLISHED
-j QUEUE
However using this rule no (http) connection goes through.
Any pointers?
CU,
Udo
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
