Problem with PSH flag?
Hi!

I configured iptables with state handling. Now I get DROP log entries like the following:

    Jul 17 12:20:08 lnxsrv2 kernel: RULE 12 -- DROP IN=ippp0 OUT= MAC= SRC=205.181.113.142 DST=217.4.5.161 LEN=1500 TOS=0x00 PREC=0x00 TTL=238 ID=34130 DF PROTO=TCP SPT=80 DPT=32792 SEQ=2507347035 ACK=565321722 WINDOW=10220 RES=0x00 ACK PSH URGP=0

It seems to me the PSH flag makes iptables drop the packet. But should

    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

not take care of all response packets?

Amazingly, all connections seem to work well. But I'd like to have a completely proper packet filter. So, could anyone here wave the clue stick in my general direction?

TIA,
Jochen

--
----------------------------------------------------------------
*Jochen Lillich*, Dipl.-Inform. (FH)
Consultant/Trainer @ /TeamLinux GbR/
Tel. +49 7254 985187-0
http://www.teamlinux.de
----------------------------------------------------------------