On Sat, Aug 03, 2002 at 09:06:59AM +0200, Aad van Lieburg wrote:
> Hi,
> I read about a bug in RH7.2 iptables, due to debugging code, with NAT /
> mangle.
> Now I'm not sure about this: Is this bug still there in RH7.3?
>

From www.netfilter.org homepage:

* This bug has not yet been fixed in any kernel. To work around this bug, either apply the patch provided with the advisory, or use the rule-based workaround as indicated in the advisory.

It seems then that the bug is still in official versions of the linux kernel. The netfilter team have provided a kernel patch but it has not been accepted in the official kernel. There is also a workaround. Info on both can be found at the netfilter homepage.

Just found the following at:
http://rhn.redhat.com/errata/RHSA-2002-086.html

"Unfortunately, this problem currently has no clean fix, but while a clean fix is being worked on, there is a sufficient workaround: Filter out untracked local icmp packets using the following command:

iptables -A OUTPUT -m state -p icmp --state INVALID -j DROP"

t.irvine