How to match only one packet and no other subsequent new packets?

Hi,

I have a script that adds an input filter rule whenever invoked. My default configuration accepts `ct state established,related`. The goal is to allow only one packet of `ip saddr {CLIENT_IP} ip daddr {SERVER_IP} tcp dport 2022 ct state new` (and any other packets related to that one or established from that one therefore), and not match subsequent packets satisfying those matchers and `ct state new`.

I have tried `ip saddr {CLIENT_IP} ip daddr {SERVER_IP} tcp dport 2022 ct state new counter ct original packets < 1 accept` but it seems that the `counter` or `ct original packets < 1` don't really do anything. The script adds the rule to the `inet filter` table's `input` chain. Can anyone correct my rule? Thanks!
