Daniel Hartmeier wrote,
> return-rst/-icmp require a bridge to have IP addresses assigned and
> routing table entries added. Basically, you must be able to ping the
> destination of the RST packet from userland, i.e. have a suitable
> source address and (default) route to the destination. Hence, on
I wrote,
> I've just noticed that in 3.4 the RST generated by a block in
> return-rst rule is being blocked on the way out by a catch all block
> out rule, eg.,
>
> block return-rst in quick on $ext_if proto tcp \
> from any to $reachable_addrs port = ident
>
> block out log quick on $br_ex
I've just noticed that in 3.4 the RST generated by a block in return-rst
rule is being blocked on the way out by a catch all block out rule,
eg.,
block return-rst in quick on $ext_if proto tcp \
from any to $reachable_addrs port = ident
block out log quick on $br_ext_if all<-- RST b
Damien Miller wrote,
> Miles Sabin wrote:
> > Just a suggestion ...
> >
> > Take a peek at ternary trees for this kind of thing,
> >
> > http://www.ddj.com/documents/s=921/ddj9804a/9804a.htm
> > http://citeseer.nj.nec.com/bentley97fast.html
>
> A
Daniel Hartmeier wrote,
> On Fri, Dec 20, 2002 at 12:25:57PM -0500, Michael Shalayeff wrote:
> > if i'm not mistaken n is the address length there...
> > so, regardless of the number of addresses in the set it's still
> > a constant for each address family...
>
> Oh, my bad, so it's O(1) like a has
