Filtering in PREROUTING
george
gk at t-t-l.co.uk
Wed Jan 17 22:38:24 CET 2007
I've seen a few places telling me that you shouldn't filter in the
mangle table. However, it seems sensible to me to drop junk packets in
PREROUTING rather than have to duplicate those rules in both INPUT and
FORWARD.
Having done this, I'm seeing packets dropped as invalid when I would
expect them to be OK (but most traffic is behaving as expected). Before
I start digging into this I want to check if filtering in the mangle
table really is stupid.
Can anyone explain this to me, or point me somewhere that will tell me
please. I haven't found anything other than a simple statement
anywhere.
Thanks,
George.
More information about the netfilter
mailing list