[Bug 794] New: -f option used with iptables

bugzilla-daemon at bugzilla.netfilter.org
Thu Jun 21 11:52:51 CEST 2012


http://bugzilla.netfilter.org/show_bug.cgi?id=794

           Summary: -f option used with iptables
           Product: iptables
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: blocker
          Priority: P5
         Component: iptables
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: shrivastavaone at gmail.com
   Estimated Hours: 0.0


Kernel version is 2.6.35+.
I am defining the following ACL:

iptables -A INPUT -p icmp -i eth1 \
    -m iprange --src-range 172.31.114.1-172.31.114.254 \
    -m iprange --dst-range 192.168.1.1-192.168.1.254 \
    -j DROP

With the above rule I can drop all ICMP packets on the eth1 interface,
but when I add the -f option to deny on fragmented packets, the rule doesn't work:

iptables -A INPUT -p icmp -i eth1 \
    -m iprange --src-range 172.31.114.1-172.31.114.254 \
    -m iprange --dst-range 192.168.1.1-192.168.1.254 \
    -f -j DROP

My objective is to deny only fragmented packets with the specified IP, protocol and
interface, and the "-f" option doesn't seem to work.

Thanks and Regards,
Rahul Shrivastava
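
Added example, not part of the original report and not iptables code: a Python model of how the two rules above treat IPv4 headers, using the iptables(8) definition that -f refers only to second and further fragments. The helper names and the sample headers are constructed for illustration, and the -i eth1 test is assumed to pass.

```python
import ipaddress
import struct

IP_MF = 0x2000        # "more fragments" flag bit
IP_OFFMASK = 0x1FFF   # fragment offset field, in 8-byte units
ICMP = 1
SRC_RANGE = ("172.31.114.1", "172.31.114.254")   # --src-range from the report
DST_RANGE = ("192.168.1.1", "192.168.1.254")     # --dst-range from the report
SRC, DST = "172.31.114.10", "192.168.1.20"       # constructed sample addresses


def build_header(src, dst, proto, frag_field):
    """Constructed 20-byte IPv4 header; checksum is left at 0 for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, frag_field, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def in_range(addr, bounds):
    lo, hi = (int(ipaddress.IPv4Address(b)) for b in bounds)
    return lo <= int(addr) <= hi


def rule_matches(header, fragment_option):
    """Evaluate the report's rule on one header (hypothetical helper)."""
    frag_field, proto = struct.unpack("!6xH1xB", header[:10])
    src = ipaddress.IPv4Address(header[12:16])
    dst = ipaddress.IPv4Address(header[16:20])
    if proto != ICMP or not in_range(src, SRC_RANGE) or not in_range(dst, DST_RANGE):
        return False
    if fragment_option:
        # -f: only second and further fragments, i.e. a non-zero offset
        return (frag_field & IP_OFFMASK) != 0
    return True


SAMPLES = {  # constructed headers, one per fragmentation state
    "unfragmented": build_header(SRC, DST, ICMP, 0),
    "first fragment": build_header(SRC, DST, ICMP, IP_MF),
    "later fragment": build_header(SRC, DST, ICMP, IP_MF | 185),
    "last fragment": build_header(SRC, DST, ICMP, 370),
}


def evaluate():
    """Map sample name -> (matches without -f, matches with -f)."""
    return {n: (rule_matches(h, False), rule_matches(h, True))
            for n, h in SAMPLES.items()}


if __name__ == "__main__":
    for name, (plain, with_f) in evaluate().items():
        print(f"{name:15} without -f: {plain!s:5} with -f: {with_f}")
```

The first fragment has offset 0, so the -f rule does not match it. On a host where connection tracking's IPv4 defragmentation is loaded, packets are reassembled before the filter table's INPUT chain, so a -f rule there sees no fragments at all.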
