Hi,

I have a rule saying this:

    iptables -A INPUT -p 6 ! --syn -m state --state NEW -j LOG --log-level warn --log-prefix "### NOT-SYN ### "
    iptables -A INPUT -p 6 ! --syn -m state --state NEW -j DROP

and I've got logs that look like that:

    Dec 4 17:28:07 rproxy2 kernel: ### NOT-SYN ### IN=eth1 OUT= MAC=00:a0:24:6a:d0:56:00:10:db:1e:20:70:08:00 SRC=194.112.179.45 DST=192.168.1.6 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=2979 DF PROTO=TCP SPT=60351 DPT=80 WINDOW=5840 RES=0x00 ACK FIN URGP=0

Also, I've got a snort box running in my ISP's subnet. Snort would have picked it up if this was a scan.

Does iptables 1.2.5 have a problem with FIN-ACK packets?

Thanks a lot and kind regards,
Philipp
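
An added example, not part of the original post: a small Python parser for the LOG lines the rule above produces, summarising hits per source by TCP flag combination and distinct destination ports, so a lone ACK FIN to port 80 can be told apart from one source touching many ports. The 203.0.113.9 lines and the port_threshold cut-off are constructed assumptions, not data from the post.

```python
from collections import defaultdict

PREFIX = "### NOT-SYN ### "  # --log-prefix from the rule in the post
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

def parse_line(line):
    """Parse one kernel LOG line; return None if it lacks our prefix or TCP fields."""
    _, found, body = line.partition(PREFIX)
    if not found:
        return None
    fields, flags = {}, set()
    for tok in body.split():
        if "=" in tok:                 # KEY=value pairs such as SRC=, DPT=
            key, _, val = tok.partition("=")
            fields[key] = val
        elif tok in TCP_FLAGS:         # bare words after RES= are the TCP flags
            flags.add(tok)
    if "SRC" not in fields or not fields.get("DPT", "").isdigit():
        return None
    return {"src": fields["SRC"], "dpt": int(fields["DPT"]),
            "flags": "+".join(sorted(flags))}

def summarise(lines, port_threshold=10):
    """Group hits by source; port_threshold is an arbitrary illustrative cut-off."""
    ports, flagsets = defaultdict(set), defaultdict(lambda: defaultdict(int))
    for line in lines:
        rec = parse_line(line)
        if rec:
            ports[rec["src"]].add(rec["dpt"])
            flagsets[rec["src"]][rec["flags"]] += 1
    return {src: {"ports": sorted(p), "flags": dict(flagsets[src]),
                  "many_ports": len(p) >= port_threshold}
            for src, p in ports.items()}

# The log line quoted in the post.
POST_LINE = ("Dec 4 17:28:07 rproxy2 kernel: ### NOT-SYN ### IN=eth1 OUT= "
             "MAC=00:a0:24:6a:d0:56:00:10:db:1e:20:70:08:00 SRC=194.112.179.45 "
             "DST=192.168.1.6 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=2979 DF PROTO=TCP "
             "SPT=60351 DPT=80 WINDOW=5840 RES=0x00 ACK FIN URGP=0")
# Constructed contrast data (not from the post): one source, FIN only, 12 ports.
CONSTRUCTED = ["Dec 4 17:30:00 rproxy2 kernel: ### NOT-SYN ### IN=eth1 OUT= "
               "SRC=203.0.113.9 DST=192.168.1.6 LEN=40 PROTO=TCP SPT=40000 "
               f"DPT={port} WINDOW=1024 RES=0x00 FIN URGP=0" for port in range(20, 32)]

if __name__ == "__main__":
    for src, info in summarise([POST_LINE] + CONSTRUCTED).items():
        print(src, info)
```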