[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    Re: Make packets go through when NFQUEUE app crashed
From:       Eric Leblond <eric () regit ! org>
Date:       2013-02-14 7:10:46
Message-ID: 1360825846.11976.2.camel () tiger2
[Download RAW message or body]

Hi,

On Thu, 2013-02-14 at 11:04 +0800, Aaron Lewis wrote:
> Hi Eric,
> 
> --queue-bypass wasn't a standard feature I guess?
> 
> Is there a patch available? I'm running iptables v1.4.12

the NFQUEUE target option --queue-bypass is standard since kernel
2.6.39. Iptables has this since v1.4.11.

BR,
> 
> On Wed, Feb 13, 2013 at 8:23 PM, Eric Leblond <eric@regit.org> wrote:
> > Hello
> > 
> > Can you read the paragraph about queue-bypass in the article I point you to and \
> > tell me if it seems clear enough ;) 
> > BR
> > 
> > Aaron Lewis <the.warl0ck.1989@gmail.com> a écrit :
> > 
> > > Hi,
> > > 
> > > I found that If the app that handles NFQUEUE crashed,
> > > all packets goes through that queue got stuck.
> > > 
> > > Is there a way to prevent that from happening?
> > > I prefer to let ACCEPT all packets instead of blocking them, possible?
> > > 
> > > iptables -I INPUT -p icmp -j NFQUEUE --queue-num 0
> > > # If no app handles that queue, no packets could go through
> > > 
> > > --
> > > Best Regards,
> > > Aaron Lewis - PGP: 0xDFE6C29E ( http://pgp.mit.edu/ )
> > > Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E
> > > --
> > > To unsubscribe from this list: send the line "unsubscribe netfilter" in
> > > the body of a message to majordomo@vger.kernel.org
> > > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
> 
> 

-- 
Eric Leblond <eric@regit.org>
Blog: https://home.regit.org/

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[prev in list] [next in list] [prev in thread] [next in thread]