Re: [LARTC] Re: iptables rule not matching after stream begins

To:	Bob Beers <bob.beers@gmail.com>
Subject:	Re: [LARTC] Re: iptables rule not matching after stream begins
From:	Alexey Toptygin <alexeyt@freeshell.org>
Date:	Tue, 21 Nov 2006 18:46:00 +0000 (UTC)
Cc:	lartc@mailman.ds9a.nl
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	lartc-list@securepoint.com
Delivered-to:	lartc@outpost.ds9a.nl
In-reply-to:	<4f6ba3b0611210805g167b393dk7861b5ce38edeae8@mail.gmail.com>
List-archive:	<http://mailman.ds9a.nl/pipermail/lartc>
List-help:	<mailto:lartc-request@mailman.ds9a.nl?subject=help>
List-id:	"Mailinglist of the Linux Advanced Routing & Traffic Control project" <lartc.mailman.ds9a.nl>
List-post:	<mailto:lartc@mailman.ds9a.nl>
List-subscribe:	<http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=subscribe>
List-unsubscribe:	<http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=unsubscribe>
References:	<4f6ba3b0611200730j337ad29xc69dd63b205060c4@mail.gmail.com> <4f6ba3b0611201646k750995d3oe0cd605890b7f2a7@mail.gmail.com> <Pine.LNX.4.64.0611201955340.31315@becky16.halibutdepot.org> <4f6ba3b0611210610t62b24e7es9cc9ece120581d1d@mail.gmail.com> <Pine.NEB.4.64.0611211522490.21238@ukato.freeshell.org> <4f6ba3b0611210805g167b393dk7861b5ce38edeae8@mail.gmail.com>
Sender:	lartc-bounces@mailman.ds9a.nl

To:

Bob Beers <bob.beers@gmail.com>

Subject:

Re: [LARTC] Re: iptables rule not matching after stream begins

From:

Alexey Toptygin <alexeyt@freeshell.org>

Date:

Tue, 21 Nov 2006 18:46:00 +0000 (UTC)

Cc:

lartc@mailman.ds9a.nl

Delivered-to:

sp-com-lists@consult.net

Delivered-to:

lartc-list@securepoint.com

Delivered-to:

lartc@outpost.ds9a.nl

In-reply-to:

<4f6ba3b0611210805g167b393dk7861b5ce38edeae8@mail.gmail.com>

List-archive:

<http://mailman.ds9a.nl/pipermail/lartc>

List-help:

<mailto:lartc-request@mailman.ds9a.nl?subject=help>

List-id:

"Mailinglist of the Linux Advanced Routing & Traffic Control project" <lartc.mailman.ds9a.nl>

List-post:

<mailto:lartc@mailman.ds9a.nl>

List-subscribe:

<http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=subscribe>

List-unsubscribe:

<http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=unsubscribe>

References:

<4f6ba3b0611200730j337ad29xc69dd63b205060c4@mail.gmail.com> <4f6ba3b0611201646k750995d3oe0cd605890b7f2a7@mail.gmail.com> <Pine.LNX.4.64.0611201955340.31315@becky16.halibutdepot.org> <4f6ba3b0611210610t62b24e7es9cc9ece120581d1d@mail.gmail.com> <Pine.NEB.4.64.0611211522490.21238@ukato.freeshell.org> <4f6ba3b0611210805g167b393dk7861b5ce38edeae8@mail.gmail.com>

Sender:

lartc-bounces@mailman.ds9a.nl

On Tue, 21 Nov 2006, Bob Beers wrote:

<after a little googling ...>

I guess you mean this:
<http://www.netfilter.org/projects/conntrack/index.html>
and/or this:
<http://www.netfilter.org/projects/libnetfilter_conntrack/index.html>


Yep.

But, I wonder, is there a shortcut to the behavior I want
through iptables --ctstatus and friends?

Not really. Even if you match the packet with --ctstate, I don't believethere is any iptables target that would delete the connection of thecurrent packet (and presumably drop the packet?). Even if you could, you'dstill have to wait for the next packet to come along and set up a newconnection entry, so there's no advantage over deleting the connectionwith a userspace tool, and it would be a terrible hack.


                        Alexey
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

<Prev in Thread]	Current Thread	[Next in Thread>
[LARTC] Re: iptables rule not matching after stream begins, Bob Beers Re: [LARTC] Re: iptables rule not matching after stream begins, Flophouse Joe Re: [LARTC] Re: iptables rule not matching after stream begins, Bob Beers Re: [LARTC] Re: iptables rule not matching after stream begins, Alexey Toptygin Re: [LARTC] Re: iptables rule not matching after stream begins, Bob Beers Re: [LARTC] Re: iptables rule not matching after stream begins, Alexey Toptygin <=

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: [LARTC] Re: iptables rule not matching after stream begins, Bob Beers
Next by Date:	[LARTC] ipp2p seems not mark to control bitlord, Roberto Pereyra
Previous by Thread:	Re: [LARTC] Re: iptables rule not matching after stream begins, Bob Beers
Next by Thread:	[LARTC] VPN Solution, Rangi Biddle
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: [LARTC] Re: iptables rule not matching after stream begins, Bob Beers

Next by Date:

[LARTC] ipp2p seems not mark to control bitlord, Roberto Pereyra

Previous by Thread:

Re: [LARTC] Re: iptables rule not matching after stream begins, Bob Beers

Next by Thread:

[LARTC] VPN Solution, Rangi Biddle

Indexes:

[Date] [Thread] [Top] [All Lists]