ipv4 patches

[MARK_operations] [dropped-table] [record-rpc]

ipv6 patches



MARK_operations [MARK_operations.patch]
Author: Fabrice MARIE
Status: Works For Me.

This patch adds support for setting the nfmark bitwise (and & or).

# iptables -t mangle -A PREROUTING -p icmp -j MARK --or-mark 0x15
# iptables -t mangle -A PREROUTING -p icmp -j MARK --and-mark 0x15

***** WARNING ***** This patch also patches the userspace directory, which means that
                    you have to recompile and reinstall the iptables package after that.

dropped-table [dropped-table.patch] [dropped-table.patch.makefile]
Author: Rusty Russell
Status: Beta, redesign underway, applies now to 2.4.4-final

This patch adds a `drop' table to iptables, adding a
CONFIG_IP_NF_DROPTABLE option.  Packets which are going to be dropped
by the NAT or routing code (among others) will traverse this table,
allowing them to be logged.


record-rpc [record-rpc.patch] [record-rpc.patch.makefile]
Author: "Marcelo Barbosa Lima"
Status: This works now :-)
Status: Ported to 2.4.0-test9-pre2 by Rusty.  May be broken.
Status: Fixed by Marc for 2.4.0.
Status: Ported to newnat by Harald.  May still be broken.

This adds CONFIG_IP_NF_MATCH_RPC, which supplies two modules,
ip_conntrack_rpc_udp and ip_conntrack_rpc_tcp, which track portmapper
requests using UDP and TCP respectively.  It also adds the record_rpc
match for iptables, which matches if the source of the packet has
requested that port through the portmapper before, or it is a new GET
request to the portmapper, allowing effective RPC filtering.

Generated Mon Jan 13 19:42:32 EST 2003 by pomlist version 0.2.2.