2.6.20: ipt_owner match and INPUT chain

Patrick McHardy kaber at trash.net
Fri Mar 2 12:57:11 CET 2007


Thomas Jarosch wrote:
> Hello together,
> 
> the ipt_owner match of 2.6.20 is not allowed to be used in the INPUT chain. 
> 
> The .hooks entry looks like this:
> .hooks          = (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_POST_ROUTING)
> 
> Back in the days it was allowed to be used in the INPUT chain for TCP/UDP.
> I've searched the mailing list archive but couldn't find anything useful.
> What's the reason behind the change?

The mainline kernel never supported this; you're thinking of the
owner socketlookup patch, which had multiple issues and was never
merged.



More information about the netfilter-devel mailing list