doc: Note REDIRECT case of no IP address

If an IP packet comes in on an interface that lacks a corresponding IP address (which happens on, e.g., the veth's that Project Calico creates), attempting to use REDIRECT on it will cause it to be dropped. Take note of this in REDIRECT's documentation. Signed-off-by: Joseph C. Sible <josephcsible@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Joseph C. Sible <josephcsible@gmail.com> 2019-08-20 16:26:25 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2019-08-21 11:45:25 +0200
commit: a0f1a756419d0738c833d53b656350a520fc94c8 (patch)
tree: 7506eb7491ef9ca97d0ea1026758cf8262444f71 /extensions
parent: 64e88114437072b29bed8aae9eb04ed5e773708f (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/extensions/libxt_REDIRECT.man b/extensions/libxt_REDIRECT.man
index 3400a6df..28d4d10b 100644
--- a/extensions/libxt_REDIRECT.man
+++ b/extensions/libxt_REDIRECT.man
@@ -8,7 +8,8 @@ chains, and user-defined chains which are only called from those
 chains.  It redirects the packet to the machine itself by changing the
 destination IP to the primary address of the incoming interface
 (locally-generated packets are mapped to the localhost address,
-127.0.0.1 for IPv4 and ::1 for IPv6).
+127.0.0.1 for IPv4 and ::1 for IPv6, and packets arriving on
+interfaces that don't have an IP address configured are dropped).
 .TP
 \fB\-\-to\-ports\fP \fIport\fP[\fB\-\fP\fIport\fP]
 This specifies a destination port or range of ports to use: without
author	Joseph C. Sible <josephcsible@gmail.com>	2019-08-20 16:26:25 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-08-21 11:45:25 +0200
commit	a0f1a756419d0738c833d53b656350a520fc94c8 (patch)
tree	7506eb7491ef9ca97d0ea1026758cf8262444f71 /extensions
parent	64e88114437072b29bed8aae9eb04ed5e773708f (diff)