Re: [LARTC] Re: iptables rule not matching after stream begins

To:	Bob Beers <bob.beers@gmail.com>
Subject:	Re: [LARTC] Re: iptables rule not matching after stream begins
From:	Alexey Toptygin <alexeyt@freeshell.org>
Date:	Tue, 21 Nov 2006 15:26:13 +0000 (UTC)
Cc:	lartc@mailman.ds9a.nl
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	lartc-list@securepoint.com
Delivered-to:	lartc@outpost.ds9a.nl
In-reply-to:	<4f6ba3b0611210610t62b24e7es9cc9ece120581d1d@mail.gmail.com>
List-archive:	<http://mailman.ds9a.nl/pipermail/lartc>
List-help:	<mailto:lartc-request@mailman.ds9a.nl?subject=help>
List-id:	"Mailinglist of the Linux Advanced Routing & Traffic Control project" <lartc.mailman.ds9a.nl>
List-post:	<mailto:lartc@mailman.ds9a.nl>
List-subscribe:	<http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=subscribe>
List-unsubscribe:	<http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=unsubscribe>
References:	<4f6ba3b0611200730j337ad29xc69dd63b205060c4@mail.gmail.com> <4f6ba3b0611201646k750995d3oe0cd605890b7f2a7@mail.gmail.com> <Pine.LNX.4.64.0611201955340.31315@becky16.halibutdepot.org> <4f6ba3b0611210610t62b24e7es9cc9ece120581d1d@mail.gmail.com>
Sender:	lartc-bounces@mailman.ds9a.nl

To:

Bob Beers <bob.beers@gmail.com>

Subject:

Re: [LARTC] Re: iptables rule not matching after stream begins

From:

Alexey Toptygin <alexeyt@freeshell.org>

Date:

Tue, 21 Nov 2006 15:26:13 +0000 (UTC)

Cc:

lartc@mailman.ds9a.nl

Delivered-to:

sp-com-lists@consult.net

Delivered-to:

lartc-list@securepoint.com

Delivered-to:

lartc@outpost.ds9a.nl

In-reply-to:

<4f6ba3b0611210610t62b24e7es9cc9ece120581d1d@mail.gmail.com>

List-archive:

<http://mailman.ds9a.nl/pipermail/lartc>

List-help:

<mailto:lartc-request@mailman.ds9a.nl?subject=help>

List-id:

"Mailinglist of the Linux Advanced Routing & Traffic Control project" <lartc.mailman.ds9a.nl>

List-post:

<mailto:lartc@mailman.ds9a.nl>

List-subscribe:

<http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=subscribe>

List-unsubscribe:

<http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=unsubscribe>

References:

<4f6ba3b0611200730j337ad29xc69dd63b205060c4@mail.gmail.com> <4f6ba3b0611201646k750995d3oe0cd605890b7f2a7@mail.gmail.com> <Pine.LNX.4.64.0611201955340.31315@becky16.halibutdepot.org> <4f6ba3b0611210610t62b24e7es9cc9ece120581d1d@mail.gmail.com>

Sender:

lartc-bounces@mailman.ds9a.nl

On Tue, 21 Nov 2006, Bob Beers wrote:

Let me try to restate my question:

Is it a common problem that inserting a rule after a (UDP) stream is
established does not match the rule, even though the exact same
rule for the exact same stream does match, as long as it is inserted
before the first packet of the stream arrives?

This is the way it is designed: PREROUTING rules in the nat table are onlychecked for packets that haven't already been assigned to a connection. Ifyou want, you can use the conntrack tool to flush the connection statesafter you add a new rule.


                        Alexey
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

<Prev in Thread]	Current Thread	[Next in Thread>
[LARTC] Re: iptables rule not matching after stream begins, Bob Beers Re: [LARTC] Re: iptables rule not matching after stream begins, Flophouse Joe Re: [LARTC] Re: iptables rule not matching after stream begins, Bob Beers Re: [LARTC] Re: iptables rule not matching after stream begins, Alexey Toptygin <= Re: [LARTC] Re: iptables rule not matching after stream begins, Bob Beers Re: [LARTC] Re: iptables rule not matching after stream begins, Alexey Toptygin

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: [LARTC] Re: iptables rule not matching after stream begins, Bob Beers
Next by Date:	Re: [LARTC] Re: iptables rule not matching after stream begins, Bob Beers
Previous by Thread:	Re: [LARTC] Re: iptables rule not matching after stream begins, Bob Beers
Next by Thread:	Re: [LARTC] Re: iptables rule not matching after stream begins, Bob Beers
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: [LARTC] Re: iptables rule not matching after stream begins, Bob Beers

Next by Date:

Re: [LARTC] Re: iptables rule not matching after stream begins, Bob Beers

Previous by Thread:

Re: [LARTC] Re: iptables rule not matching after stream begins, Bob Beers

Next by Thread:

Re: [LARTC] Re: iptables rule not matching after stream begins, Bob Beers

Indexes:

[Date] [Thread] [Top] [All Lists]