doc: Note REDIRECT case of no IP address

If an IP packet comes in on an interface that lacks a corresponding IP
address (which happens on, e.g., the veth's that Project Calico creates),
attempting to use REDIRECT on it will cause it to be dropped. Take note
of this in REDIRECT's documentation.

Signed-off-by: Joseph C. Sible <josephcsible@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/extensions/libxt_REDIRECT.man b/extensions/libxt_REDIRECT.man
index 3400a6df7d3418e76521aee5fb86c4a0bc7b2965..28d4d10b79046e6a0e22da69cee878f40ce5b61a 100644 (file)
--- a/extensions/libxt_REDIRECT.man
+++ b/extensions/libxt_REDIRECT.man
@@ -8,7 +8,8 @@ chains, and user-defined chains which are only called from those
 chains.  It redirects the packet to the machine itself by changing the
 destination IP to the primary address of the incoming interface
 (locally-generated packets are mapped to the localhost address,
-127.0.0.1 for IPv4 and ::1 for IPv6).
+127.0.0.1 for IPv4 and ::1 for IPv6, and packets arriving on
+interfaces that don't have an IP address configured are dropped).
 .TP
 \fB\-\-to\-ports\fP \fIport\fP[\fB\-\fP\fIport\fP]
 This specifies a destination port or range of ports to use: without