On Sat, 14 Apr 2012, Pascal Hambourg wrote: > Henrique de Moraes Holschuh a écrit : > > Easy depriorizing is possible by outright dropping incoming ICMP packets > > in the iptables layer, before it is processed by the IP stack. > > iptables is not before the IP stack, it is a part of it.
I suppose you're correct, since it is the IPv4-specific part of netfilter, and it does hook into several places of the IP stack, and it knows IPv4. I should probably have written it as "drop it in the RAW table, which happens very early in the packet's processing by the IP stack." -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120414104211.ga22...@khazad-dum.debian.net
