On Thu, 2003-05-29 at 11:17, SB CH wrote: > Thanks for your kind reply. > > >Those are 'broken' browsers that do not follow the http standard > >properly. > which browers? Netscape or Opera? mostly use MSIE, right? > Just IE I think ... > > >Stop using non-standards complient browsers. Sometimes changes to > >standards are not 'enhancements'. > There are so lots of people which use different browser, > then you mean that there is not any solution to solve this problem at > iptables level? > Sure, just ACCEPT the ACK-FIN packets. > > Thanks for your reply. > > > > From: Ray Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx> > To: Netfilter Mailing List <netfilter@xxxxxxxxxxxxxxxxxxx> > Subject: Re: lots of ACK/FIN filtering (DPT=80) at web server. > Date: 29 May 2003 07:25:38 +0200 > > Hi there > > On Wed, 2003-05-28 at 10:46, SB CH wrote: > > Hello, all. > > > > I have operated linux web server and executed iptables 1.2.8. > > > > and I have found so lots of logs like this ACK,FIN filtering. > > Surely, ACK-FIN is a connection closing step, so there is no problem for > > customers but I would like to know why this happens!! > > I guess that the timeout of the connection tracking related. > > > Those are 'broken' browsers that do not follow the http standard > properly. > > > > May 25 12:33:05 www kernel: IN=eth0 OUT= SRC=210.126.xxx.xx > > DST=211.10.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=118 ID=3376 DF PROTO=TCP > > SPT=3608 DPT=80 WINDOW=63520 RES=0x00 ACK FIN URGP=0 > > > > Do you have any problems like me? > Yes > > > and what's the problem and how can I solve this problem? > > > Stop using non-standards complient browsers. Sometimes changes to > standards are not 'enhancements'. > > > > > Thanks in advance for your kind opinios!! > > > > _________________________________________________________________ > > ??ì?¸??ì??. ?¤ë?????´ì?¸ 무ë£? ?¬ì£¼, ê¶?í?©, ??ëª?, ??ì?? ê°??´ë?? > > http://www.msn.co.kr/fortune/default.asp > -- > -- > Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx> > Network Support Specialist > http://www.knowledgefactory.co.za > "lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import" > Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28 > -- > << signature.asc >> > > _________________________________________________________________ > Áõ±Ç Á¤º¸ °¡Àå ºü¸£°í ÆíÇÏ°Ô º¸½Ç ¼ö ÀÖ½À´Ï´Ù. MSN Áõ±Ç/ÅõÀÚ > http://www.msn.co.kr/stock/ -- -- Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx> Network Support Specialist http://www.knowledgefactory.co.za "lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import" Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28 --
Attachment:
signature.asc
Description: This is a digitally signed message part
