[gini] GINI Router and iptables/netfilter
Tim Geoghegan, Mr
tim.geoghegan at mail.mcgill.ca
Wed Nov 4 20:18:56 EST 2009
Hi,
We've also noticed that the iptables on the UMLs seem to be less capable than on a full Linux.
For example, we tried to use the following filter we found online that should "make sure NEW incoming tcp connections are SYN packets; otherwise we need to drop them:"
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
It works fine on our laptops running Linux, but the UMLs just give us "No chain/target/match by that name".
It also wouldn't let us use a rate-based ICMP filter where we'd only allow 10 ICMP packets per second. Is there something wrong with the version of iptables on the UMLs?
Tim Geoghegan
________________________________________
From: gini-bounces at cs.mcgill.ca [gini-bounces at cs.mcgill.ca] On Behalf Of Alexis Malozemoff [amalozemoff1 at gmail.com]
Sent: Wednesday, November 04, 2009 8:07 PM
To: Stefan Budeanu
Cc: gini at cs.mcgill.ca
Subject: Re: [gini] GINI Router and iptables/netfilter
You can only use iptables on the UMLs.
On Wed, Nov 4, 2009 at 7:33 PM, Stefan Budeanu
<stefan.budeanu at mail.mcgill.ca> wrote:
> Hello all,
>
> Does the GINI router architecture bypass iptables completely at the
> router level? Is it possible to use iptables on the router or can we
> only use it on the hosts (UMLs)?
>
> Thank you.
>
> - Stefan Budeanu
> _______________________________________________
> gini mailing list
> gini at cs.mcgill.ca
> http://mailman.cs.mcgill.ca/mailman/listinfo/gini
>
_______________________________________________
gini mailing list
gini at cs.mcgill.ca
http://mailman.cs.mcgill.ca/mailman/listinfo/gini
More information about the gini
mailing list