Alan,
I apologise for having taken so long to write this (I have known about
this problem since 2.4.5ac17 and have not had a chance to document til
today) but there seems to be a problem with the ipt_unclean fixes by Rusty
Russell. ANY incoming packets from any interface (ppp0 and eth0) are
marked as 'unclean' with some variation on the following syslog entry:
Jul 8 23:16:04 paranoia kernel: ipt_unclean: TCP option 3 at 37 too long
Jul 8 23:16:05 paranoia kernel: ipt_unclean: TCP option 3 at 37 too long
Jul 8 23:16:16 paranoia kernel: ipt_unclean: TCP option 3 at 37 too long
Jul 8 23:16:18 paranoia kernel: ipt_unclean: TCP option 3 at 37 too long
and thus are blocked by my 'unclean packet dropping' firewall (iptables).
I haven't seen any mention of this on the list, nor have I seen any more
ipt_unclean patches to address this problem, so here's your heads-up
(albeit a bit late).
Thanks,
J Troy Piper
jtp@dok.org
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/