Hello,
I was just testing the psd match with FTP active mode.
I created 10000 files on the FTP server and set my FTP client to active mode and let it download those files while having `iptables -A INPUT -p tcp -m psd -j REJECT --reject-with tcp-reset` (with psd default threshold/weight values). The psd matched 3136 packets.
The FTP server went mad, issuing: 425: Unable to build data connection: Connection refused
This means I cannot rely on psd and block 'possible portscans'? Any suggestions?
The same would happen if I created some rules with the limit match.
I never have this problem. I think you should accept RELATED before the psd match.
Martijn
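
The rule ordering suggested in the reply, as an added example that is not part of either post: two constructed rulesets in iptables-save format and a hypothetical `check_order` helper that verifies an ACCEPT for RELATED traffic precedes every psd rule in INPUT. It assumes the FTP conntrack helper (nf_conntrack_ftp) is active, so the server's active-mode data connection is classified as RELATED.

```shell
#!/bin/sh
# Constructed sample rulesets (iptables-save format), not taken from the thread.

# As in the question: psd is the first INPUT rule, so every inbound
# active-mode data connection is scored as a possible scan probe.
ruleset_psd_only() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m psd -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# As in the reply: tracked traffic is accepted before psd sees it.
ruleset_related_first() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m psd -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# check_order (hypothetical helper): reads iptables-save text on stdin and
# returns 0 only if each "-m psd" rule in INPUT comes after an ACCEPT rule
# that matches RELATED (conntrack or legacy state match syntax).
check_order() {
  awk '
    $1 == "-A" && $2 == "INPUT" {
      if ($0 ~ /-j ACCEPT/ && $0 ~ /(--ctstate|--state) [A-Z,]*RELATED/) related = 1
      if ($0 ~ /-m psd/ && !related) bad = 1
    }
    END { exit bad ? 1 : 0 }
  '
}

for r in ruleset_psd_only ruleset_related_first; do
  if "$r" | check_order; then
    echo "$r: RELATED accepted before psd"
  else
    echo "$r: psd evaluates RELATED traffic"
  fi
done
```

On a live host the same check can be fed from `iptables-save -t filter | check_order`.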