HI, upgrading to new linux kernel 2.4.6, with FULL netfilter enabled and compiled statically inside of the kernel, a rule like iptables -A INPUT -m unclean -j DROP will put netfilter in condition to DROP every tcp packet it receives. That is not true with UDP or icmp, (NFS and all icmp work) but the kernel will DROP ALL tcp apckets. That was not happening with 2.4.5 kernel and older, so that i was able to use this rule against malformed packets. I tried bot compiling kernel with egcs, gcc 2.95.3 and gcc 3.0. System is PentiumIII 550 Mhz 128 Mbyte Ram 1 IDE disk 33Mhz intel MB vx 440 binutils 2.11.90.0.19 glibc 2.2.3 Bests Luigi Genoni - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
