[PATCH IP6TABLES]: don't allow to specify protocol of IPv6
extension header
Patrick McHardy
kaber at trash.net
Wed Mar 29 11:09:52 CEST 2006
Yasuyuki KOZAKAI wrote:
> From: Patrick McHardy <kaber at trash.net>
> Date: Wed, 29 Mar 2006 10:11:19 +0200
>
>
>>Yasuyuki KOZAKAI wrote:
>>
>>>Hi,
>>>
>>>Sometimes I hear that people do 'ip6tables -p ah ...' which never matches
>>>any packet. IPv6 extension headers except of ESP are skipped and invalid
>>>as argument of '-p'. Then I propose that ip6tables exits with error in such
>>>case.
>>
>>How about a warning for some time first? If people use iptables-restore
>>this could break their entire ruleset ..
>
>
> OK, then please ignore previous 'fixed patch' and apply this. Sorry for mess.
Done, thanks. Is your SVN access not working?
More information about the netfilter-devel
mailing list