>> Pascal Hambourg <pascal.mail@xxxxxxxxxxxxxxx> wrote
> Actually not in your masquerading setup: INVALID packets skip NAT
> (which is good enough a reason to DROP them in a NAT setup, in order to
> prevent private addresses from leaking outside), so the packet won't be
> demasqueraded and will fall into the INPUT chain instead of the FORWARD
> chain.

Beautiful answer. Thanks a ton for your valuable time.
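
An added example, not part of the original thread: a heuristic audit of `iptables-save` output that reports which filter chains on a masquerading box could still ACCEPT an INVALID packet, covering both INPUT and FORWARD as the quoted explanation implies. The sample dump, interface names and function names are constructed for illustration.

```python
import re

# Constructed iptables-save dump for illustration (not taken from the thread).
SAMPLE = """\
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
COMMIT
"""

STATE = re.compile(r"--(?:ctstate|state)\s+(\S+)")
SRC_NAT = re.compile(r"-j\s+(?:MASQUERADE|SNAT)\b")


def parse(dump):
    """Return {table: {chain: [rule text, ...]}} from iptables-save output."""
    tables, table = {}, None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            table = tables.setdefault(line[1:], {})
        elif line.startswith("-A ") and table is not None:
            parts = line.split(None, 2)
            table.setdefault(parts[1], []).append(parts[2] if len(parts) > 2 else "")
    return tables


def audit(dump):
    """Return filter chains that can ACCEPT an INVALID packet on a source-NAT box."""
    tables = parse(dump)
    nat = [r for rules in tables.get("nat", {}).values() for r in rules]
    if not any(SRC_NAT.search(r) for r in nat):
        return []  # no MASQUERADE/SNAT rule, so the leak described does not apply
    findings = []
    for chain in ("INPUT", "FORWARD"):
        for rule in tables.get("filter", {}).get(chain, []):
            m = STATE.search(rule)
            states = m.group(1).split(",") if m else None
            if states is not None and "INVALID" not in states:
                continue  # rule cannot match an INVALID packet
            if states and re.search(r"-j\s+DROP\b", rule):
                break  # INVALID is dropped before any ACCEPT could see it
            if re.search(r"-j\s+ACCEPT\b", rule):
                findings.append(chain)  # heuristic: negated (!) matches are ignored
                break
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE))
```

In the sample, FORWARD is reported because its interface-based ACCEPT rule precedes the INVALID drop; moving the drop rule to the top of the chain clears the finding.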