When using ipp2p with conntrack states, the following syntax works:
iptables -A OUTPUT -p tcp -m ipp2p --winmx -m conntrack --ctstate ESTABLISHED -j DROP
This same syntax using the opendpi module does NOT work. E.g.:
iptables -A OUTPUT -p tcp -m opendpi --winmx -m conntrack --ctstate ESTABLISHED -j DROP
...gives an error:
xt_opendpi: You need to specify at least one protocol
Switching the order of operators fixes the problem, but this appears to be
inconsistent with other modules:
iptables -A OUTPUT -p tcp -m opendpi -m conntrack --ctstate ESTABLISHED --winmx -j DROP
I'm trying to add support for OpenDPI in Shorewall, and this change of syntax
is causing issues.
Thanks in advance!
Original issue reported on code.google.com by zebb...@gmail.com on 18 Jul 2011 at 6:08