[Bug 77] a bug in the chain PREROUTING of the table nat
bugzilla-daemon@netfilter.org
bugzilla-daemon@netfilter.org
Mon, 14 Apr 2003 09:43:39 +0200
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=77
laforge@netfilter.org changed:
What          |Removed                      |Added
----------------------------------------------------------------------------
Severity      |critical                     |trivial
Status        |NEW                          |RESOLVED
Resolution    |                             |INVALID
Summary       |a bug in the chain           |a bug in the chain
              |PREROUTING of the table nat  |PREROUTING of the table nat
------- Additional Comments From laforge@netfilter.org 2003-04-14 09:43 -------
Please try to understand how netfilter works before filing a bug report.
The described behaviour is perfectly normal. The 'nat' table is traversed for
every _first_ packet of a connection. You can delete all nat rules, but
already-established connections will remain active (and NATed).
Due to the connectionless operation of UDP, we cannot tell UDP sessions apart if
they use the same (srcip,srcport,dstip,dstport) tuple.
Apart from that, your -t nat -I PREROUTING -j DROP rule will also only consider
the first packet of every connection.
It seems like you have some misunderstanding about the semantics.
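The following is an added illustration of the semantics described in the comment above; it is a small model written for this page, not netfilter's code. It models a nat PREROUTING chain whose rules are consulted only for the first packet of a connection tuple, with the resulting binding cached in a conntrack-style map and reused for every later packet of that tuple. The addresses, ports and the DNAT target are constructed sample values.

```python
"""Model of the 'nat' table rule: the table is traversed only for the first
packet of a connection; the outcome is stored with the connection and reused
for all later packets, even after the nat rules have been deleted or changed.
This is an explanatory model, not netfilter's implementation."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    """Connection tuple as conntrack keys it (protocol omitted for brevity)."""
    srcip: str
    srcport: int
    dstip: str
    dstport: int


@dataclass
class NatRule:
    matches: Callable[[Flow], bool]
    target: str                                   # "DROP", "ACCEPT" or "DNAT"
    dnat_to: Optional[Tuple[str, int]] = None     # (ip, port) for DNAT


class NatPrerouting:
    """A nat PREROUTING chain plus the conntrack table that caches its verdicts."""

    def __init__(self) -> None:
        self.rules: List[NatRule] = []
        # original tuple -> tuple after NAT; presence means "connection known"
        self.conntrack: Dict[Flow, Flow] = {}

    def insert(self, rule: NatRule, position: int = 0) -> None:
        """Like 'iptables -t nat -I PREROUTING': insert at the top by default."""
        self.rules.insert(position, rule)

    def flush(self) -> None:
        """Like 'iptables -t nat -F PREROUTING': conntrack entries are untouched."""
        self.rules.clear()

    def handle(self, pkt: Flow) -> Tuple[str, Optional[Flow]]:
        """Return (verdict, tuple after NAT) for one incoming packet."""
        if pkt in self.conntrack:
            # Not the first packet: the nat table is NOT traversed at all.
            return "ESTABLISHED", self.conntrack[pkt]
        translated = pkt                          # default: null binding
        for rule in self.rules:
            if not rule.matches(pkt):
                continue
            if rule.target == "DROP":
                # Packet dropped before the conntrack entry is confirmed, so
                # the next packet of this tuple is again a "first" packet.
                return "DROP", None
            if rule.target == "DNAT":
                ip, port = rule.dnat_to
                translated = Flow(pkt.srcip, pkt.srcport, ip, port)
            break                                 # first matching terminal rule wins
        self.conntrack[pkt] = translated          # binding fixed for the connection
        return "NEW", translated


def scenario() -> Dict[str, Tuple[str, Optional[Flow]]]:
    """Walk through the situations the bug comment describes (constructed data)."""
    chain = NatPrerouting()
    chain.insert(NatRule(lambda f: f.dstport == 80, "DNAT", ("10.0.0.5", 8080)))
    client = Flow("192.0.2.10", 40000, "198.51.100.1", 80)
    results = {}
    results["first_packet"] = chain.handle(client)        # DNAT applied, entry created
    chain.flush()                                          # delete all nat rules
    results["after_flush"] = chain.handle(client)          # still NATed from conntrack
    chain.insert(NatRule(lambda f: True, "DROP"))          # -t nat -I PREROUTING -j DROP
    results["established_vs_drop"] = chain.handle(client)  # existing connection passes
    newcomer = Flow("192.0.2.11", 40001, "198.51.100.1", 80)
    results["new_conn_vs_drop"] = chain.handle(newcomer)   # only first packets are dropped
    # A "new" UDP session reusing the exact same tuple cannot be told apart
    # from the old one: it inherits the existing conntrack entry.
    results["udp_same_tuple"] = chain.handle(
        Flow("192.0.2.10", 40000, "198.51.100.1", 80))
    return results


if __name__ == "__main__":
    for name, (verdict, flow) in scenario().items():
        print(f"{name:22s} {verdict:12s} {flow}")
```

The DROP case is the one worth noticing: because the packet is discarded before the connection is confirmed, no entry is cached, so a later packet of that same tuple is once again treated as a first packet and re-traverses the nat table, which is why a DROP in the nat table only ever affects connection setup and never an existing connection.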