problems with netfilter 2.4.6 with mark unclean.
Wed, 4 Jul 2001 15:47:51 +0200
Upgrading to new Linux kernel
2.4.6, with FULL netfilter enabled and
compiled statically inside of the kernel,
a rule like
iptables -A INPUT -m unclean -j DROP
will put netfilter in condition to DROP
every tcp packet it receives.
That is not true with UDP or icmp,
(NFS and all icmp work)
but the kernel will DROP ALL tcp packets.
That was not happening with 2.4.5 kernel and older, so that
I was able to use this rule against malformed packets.
I tried both compiling kernel with egcs, gcc 2.95.3 and gcc 3.0.
PentiumIII 550 MHz
128 Mbyte RAM
1 IDE disk 33MHz
Intel MB vx 440