Antony Stone <Antony@xxxxxxxxxxxxxxxxxxxx> - Sun, Dec 14, 2003:
> So, if your HTTP client is just dropping a connection without closing it
> nicely (using FIN, or even RST) then netfilter will think it is still
> ESTABLISHED.

I should have written that the connection is closed nicely, with a FIN packet (I just re-checked). Please note that the conntrack keeps closed connections for a while exactly like a normal connection, and with the [ASSURED] flag, but it adds a TIME_WAIT flag to closed connections.

> I don't know if this explains the problem you are seeing, but it's a reason
> why netfilter may think the connection is in a different state than the
> client does.

Yes, it could have been a good explanation.

-- 
Loïc Minier <lool@xxxxxxxx>