Re: iptables in el4u3 (was Re: ypserv broken(?) in rhel4u3)

[Aleksandar Milivojevic <alex milivojevic org>]

Quoting John Vasileff <john lists gmail com>:

> The same is given for udp.  Looks like the new behaviour is better,
> although I wouldn't be too thrilled with my firewall failing to load
> correctly after reboot when it previously worked.

BTW, there's another similar change pending.  The TCPMSS is currently 
not restricted to mangle table.  Old documentation even had examples of 
using it from filter table (back from the days when mangle table was 
not as functional as it is now).  The upstream documentation was 
updated some time ago (haven't checked if it was reflected in RHEL4 -- 
if not, Red Hat folks please do it), and code still accepts using 
TCPMSS in filter table.  TCPMSS isn't going to be outlawed from filter 
table in near future, but probably will be one day.  Supposedly, 
newever versions of iptables should print a warning about this if you 
attempt to use TCPMSS in filter table.  I haven't checked if iptables 
included with RHEL4 will warn you.  If you are using TCPMSS from filter 
table, you should move it to mangle table.  Or you are going to be bit 
again.

--
See Ya' later, alligator!
http://www.8-P.ca/

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.