Message-ID: <4BB47768.1050405@trash.net>
Date: Thu, 01 Apr 2010 12:37:28 +0200
From: Patrick McHardy <kaber@...sh.net>
To: Jan Engelhardt <jengelh@...ozas.de>
CC: netfilter-devel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH 5/5] netfilter: xt_TEE: have cloned packet travel through Xtables too

Jan Engelhardt wrote:
> Since Xtables is now reentrant/nestable, the cloned packet can also go
> through Xtables and be subject to rules itself.

That sounds dangerous if conntrack isn't used to prevent loops.
Is that really useful? For filtering, you can simply apply the
rules before deciding to TEE the packet.