Commit affe759d authored by Phil Oester, committed by Pablo Neira Ayuso

netfilter: ip[6]t_REJECT: tcp-reset using wrong MAC source if bridged



As reported by Casper Gripenberg, in a bridged setup, using ip[6]t_REJECT
with the tcp-reset option sends out reset packets with the src MAC address
of the local bridge interface, instead of the MAC address of the intended
destination.  This causes some routers/firewalls to drop the reset packet
as it appears to be spoofed.  Fix this by bypassing ip[6]_local_out and
setting the MAC of the sender in the tcp reset packet.

This closes netfilter bugzilla #531.

Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent 35fdb94b