Re: conntrack GRE behaves differently in 3.17 / 3.18

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Zitat von Mart Frauenlob <mart.frauenlob@xxxxxxxxx>:

/lib/modules/$(uname -r)/kernel/net/netfilter/nf_conntrack_proto_gre.ko
is available as specific helper.


GRE packets are still dropped, even after "modprobe nf_conntrack_proto_gre".
Isn't that how it's supposed to work, or am I still missing something?

root@laptop:/etc# iptables -S;lsmod|grep conntrack
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
nf_conntrack_proto_gre    12886  0
nf_conntrack_ipv4      18003  1
nf_defrag_ipv4         12443  1 nf_conntrack_ipv4
xt_conntrack           12601  1
nf_conntrack 57737 3 nf_conntrack_proto_gre,xt_conntrack,nf_conntrack_ipv4 x_tables 18078 5 ip_tables,xt_tcpudp,xt_conntrack,iptable_filter,iptable_mangle 

Jan


--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux