[Bug 944355] [susefirewall] drop packets with invalid state in nat configuration

16 Feb 2017

      http://bugzilla.suse.com/show_bug.cgi?id=944355
http://bugzilla.suse.com/show_bug.cgi?id=944355#c1

--- Comment #1 from Matthias Gerstner <matthias.gerstner@suse.com> ---
New firewall maintainer here. I'm working on the backlog bugs.

I hope I understand this right. So we have packets that should be NATed, but
they end up in state INVALID and thus will not be NATed. In further
processing/routing these packets will then lead to martian source log entries.

So you'd like to have an additional iptables rule like

  iptables -A FORWARD -m state --state INVALID -j DROP

to avoid forwarding such packets?

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug 944355] [susefirewall] drop packets with invalid state in nat configuration

bugzilla_noreply＠novell.com