RE: TTL target

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



heh--yeah, sorry about that.

Frederico-

there's a nice (albeit a bit old) step-by-step on patch-o-matic at:

	http://www.lowth.com/howto/add-iptables-modules.php

when you get down to step 6--the patch you're interested in is:  "runme base/TTL.patch"

i've never had any luck with pom-ng on the stock RH kernels (runme says that the kernel is too old), so you probably want to grab 'patch-o-matic-20031219' which does have the TTL target you're looking for.

HTH,

-j

-----Original Message-----
From: netfilter-admin@xxxxxxxxxxxxxxxxxxx
[mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx]On Behalf Of Antony Stone
Sent: Friday, July 23, 2004 2:44 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: TTL target


On Friday 23 July 2004 7:29 pm, Gonzalez, Federico wrote:

> I get the following error:
>
> iptables: No chain/target/match by that name

I think two people may be talking about two different things here without 
realising it:

The ttl *match* (lowercase) is for matching packets by value of the TTL field.

The TTL *target* (uppercase) is for altering the TTL value in a packet.

Sorry I can't answer the actual question, because I don't use Fedora, but 
hopefully this might help to avoid some confusion, at least...

Regards,

Antony.

> ----- Original Message -----
> From: "Jason Opperisano" <Jopperisano@xxxxxxxxxxxxxxxx>
> To: "Gonzalez, Federico" <fgonzalez@xxxxxxxxxxxxxx>;
> <netfilter@xxxxxxxxxxxxxxxxxxx>
> Sent: Friday, July 23, 2004 3:21 PM
> Subject: RE: TTL target
>
>
> um--on fedora core 1--which seems to match the versions you provide, the
> TTL match target is there.
>
> $ uname -r
> 2.4.22-1.2197.nptl
>
> $ iptables -V
> iptables v1.2.9
>
> # iptables -A INPUT -m ttl --ttl-eq 1 -j DROP
> #
>
> # iptables -vnL INPUT
> Chain INPUT (policy DROP 184 packets, 19161 bytes)
>  pkts bytes target     prot opt in     out     source
> destination
>     0     0 DROP       all  --  *      *       0.0.0.0/0
> 0.0.0.0/0           TTL match TTL == 1
>
> -j
>
> -----Original Message-----
> From: netfilter-admin@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx]On Behalf Of Gonzalez,
> Federico
> Sent: Friday, July 23, 2004 1:52 PM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: TTL target
>
>
> Hi,
>
> I have iptables 1.2.9, red hat kernel 2.4.22 and i need to use the TTL
> target to change the packets TTL.
>
> How do i enable this functionality ?
>
> Thank you.

-- 
"Black holes are where God divided by zero."

 - Steven Wright

                                                     Please reply to the list;
                                                           please don't CC me.





[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux