This patch reorders the connlimit and comment match extensions relative
to the state match (-m state); connlimit being most useful if found
after a -m state --state NEW and not before it.
Signed-off-by: Stefan Berger stef...@linux.vnet.ibm.com
---
src/nwfilter/nwfilter_ebiptables_driver.c |
On 02/14/2011 08:07 AM, Stefan Berger wrote:
This patch reorders the connlimit and comment match extensions relative
to the state match (-m state); connlimit being most useful if found
after a -m state --state NEW and not before it.
Signed-off-by: Stefan Berger stef...@linux.vnet.ibm.com
On 02/14/2011 11:42 AM, Eric Blake wrote:
On 02/14/2011 08:07 AM, Stefan Berger wrote:
This patch reorders the connlimit and comment match extensions relative
to the state match (-m state); connlimit being most useful if found
after a -m state --state NEW and not before it.
Signed-off-by:
