Re: strange log on gateway inside []

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Friday 2010-07-30 12:41, Michele Petrazzo - Unipex wrote:
>>>>invalid come from?
>>INVALID is a CT classification. RFC don't have much to do with that.
>
> Pascal Hambourg wrote:
>>ICMP port unreachable is not the natural reply to an unexpected TCP 
>>packet, so I guess it was generated by a REJECT target in the INPUT or 
>>FORWARD chain. If the original packet was in the INVALID state (or 
>>UNTRACKED if you used the NOTRACK target), then the ICMP error packet 
>>is in the INVALID state instead of RELATED.
>
>Like said, INVALID is only a CT classification of my firewall. But, 
>since it's not a standard, how I can receive and reply (through my 
>FORWARD chain) to an INVALID packet?

By not blocking it, standard processing will take place.

>Who generate/classify it like INVALID? My sender (I don't believe since 
>it's not a standard) or my CT?

The sender creates it, your firewall classifies it.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux