Hi Eric, Thanks, I made a mistake, it's actually supported on my VM. I'm gonna check the kernel / ipt version on other system now. On Thu, Feb 14, 2013 at 3:10 PM, Eric Leblond <eric@xxxxxxxxx> wrote: > Hi, > > On Thu, 2013-02-14 at 11:04 +0800, Aaron Lewis wrote: >> Hi Eric, >> >> --queue-bypass wasn't a standard feature I guess? >> >> Is there a patch available? I'm running iptables v1.4.12 > > the NFQUEUE target option --queue-bypass is standard since kernel > 2.6.39. Iptables has this since v1.4.11. > > BR, >> >> On Wed, Feb 13, 2013 at 8:23 PM, Eric Leblond <eric@xxxxxxxxx> wrote: >> > Hello >> > >> > Can you read the paragraph about queue-bypass in the article I point you to and tell me if it seems clear enough ;) >> > >> > BR >> > >> > Aaron Lewis <the.warl0ck.1989@xxxxxxxxx> a écrit : >> > >> >>Hi, >> >> >> >>I found that If the app that handles NFQUEUE crashed, >> >>all packets goes through that queue got stuck. >> >> >> >>Is there a way to prevent that from happening? >> >>I prefer to let ACCEPT all packets instead of blocking them, possible? >> >> >> >>iptables -I INPUT -p icmp -j NFQUEUE --queue-num 0 >> >># If no app handles that queue, no packets could go through >> >> >> >>-- >> >>Best Regards, >> >>Aaron Lewis - PGP: 0xDFE6C29E ( http://pgp.mit.edu/ ) >> >>Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E >> >>-- >> >>To unsubscribe from this list: send the line "unsubscribe netfilter" in >> >>the body of a message to majordomo@xxxxxxxxxxxxxxx >> >>More majordomo info at http://vger.kernel.org/majordomo-info.html >> >> >> > > -- > Eric Leblond <eric@xxxxxxxxx> > Blog: https://home.regit.org/ > -- Best Regards, Aaron Lewis - PGP: 0xDFE6C29E ( http://keyserver.veridis.com ) Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
