| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130829101117.GA14229@macbook.localnet> Date: Thu, 29 Aug 2013 12:11:17 +0200 From: Patrick McHardy <kaber@...sh.net> To: Jesper Dangaard Brouer <brouer@...hat.com> Cc: Pablo Neira Ayuso <pablo@...filter.org>, netfilter-devel@...r.kernel.org, netdev@...r.kernel.org, mph@....com, as@....com Subject: Re: [nf-next PATCH] netfilter: SYNPROXY let unrelated packets continue On Thu, Aug 29, 2013 at 12:18:46PM +0200, Jesper Dangaard Brouer wrote: > Packets reaching SYNPROXY were default dropped, as they were most > likely invalid (given the recommended state matching). This > patch, changes SYNPROXY target to let packets, not consumed, > continue being processed by the stack. > > This will be more in line other target modules. As it will allow > more flexible configurations of handling, logging or matching on > packets in INVALID states. > > Signed-off-by: Jesper Dangaard Brouer <brouer@...hat.com> Acked-by: Patrick McHardy <kaber@...sh.net> > --- > comments: > - This patch depend applying the TCP flags fix patch send earlier > - This replaces my patch: "netfilter: Extend SYNPROXY with a --continue option" -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists