[Bug 66] New: INPUT REJECT target needs state creation in OUTPUT

[bugzilla-daemon@netfilter.org]

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=66

           Summary: INPUT REJECT target needs state creation in OUTPUT
           Product: netfilter/iptables
           Version: linux-2.4.x
          Platform: i386
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ip_tables (kernel)
        AssignedTo: laforge@netfilter.org
        ReportedBy: netfilterbug@shemesh.biz
                CC: netfilter-buglog@lists.netfilter.org


Sending a packet with no flags at all, where this packet matches a REJECT rule
on INPUT, does not function as expected. The reject packet is not issued unless
there is an OUTPUT rule specifically accepting RST packets (or ICMPs, if that is
the type of REJECT).

When the original packet carries a SYN flag, the above condition does not happen.



------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.