Jan Engelhardt wrote:
Hi e thanks.
And the last, have you also an rfc that explain why and where
invalid come from?
INVALID is a CT classification. RFC don't have much to do with that.
Pascal Hambourg wrote:
ICMP port unreachable is not the natural reply to an unexpected TCP
packet, so I guess it was generated by a REJECT target in the INPUT
or FORWARD chain. If the original packet was in the INVALID state
(or UNTRACKED if you used the NOTRACK target), then the ICMP error
packet is in the INVALID state instead of RELATED.
A doubt.
Like said, INVALID is only a CT classification of my firewall. But,
since it's not a standard, how I can receive and reply (through my
FORWARD chain) to an INVALID packet? Who generate/classify it like
INVALID? My sender (I don't believe since it's not a standard) or my CT?
Thanks,
Michele
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html