Hi,
I use a test tool to verify my iptables firewall, but unfortunately it
doesn't pass. The test tool doesn't follow the normal TCP 3-way handshake
Syn->SynAck->Ack; it goes as below.
1. A:25205 ---SYN---> B:80
2. A:25205 <---SYN--- B:80
(i.e. 25205 and 80 are port numbers)
My test report tells me that it can successfully send the reply (2nd)
packet, which only has the SYN flag set, through my firewall. I found that
the TCP tracking state in /proc/net/ip_conntrack is SYN_RECV after the 2nd
packet has passed. As I understand it, SYN_RECV only happens when the
"Syn+Ack" packet has passed, doesn't it?
Besides, can I allow only normal TCP 3-way handshake packets through
my firewall?
/Jason
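The following is an added example, not part of Jason's post and not the kernel's conntrack code. It is a small Python model of strict three-way-handshake tracking: a new flow is accepted only for a packet with SYN set and ACK/RST/FIN clear (the bits iptables' `--syn` match, or `--tcp-flags SYN,ACK,FIN,RST SYN`, inspects, combined with `-m state --state NEW`), the reply direction is accepted only for SYN+ACK, and the third packet only for a pure ACK. The state names SYN_SENT / SYN_RECV / ESTABLISHED are borrowed from /proc/net/ip_conntrack for readability, but the transitions are this model's own, deliberately strict, rules; the real conntrack table can assign states differently, which is consistent with the SYN_RECV the post reports. The 192.0.2.x addresses are constructed; the ports are the ones from the post.

```python
# Added example (not from the original post): a strict model of
# TCP three-way-handshake tracking, used to show what happens to the
# SYN-only reply packet the post describes. State names borrow
# /proc/net/ip_conntrack's SYN_SENT / SYN_RECV / ESTABLISHED, but the
# transitions are a deliberately strict model, not the kernel's table.
from dataclasses import dataclass

# TCP flag bits as they appear in the header's flags field
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
HANDSHAKE_MASK = SYN | ACK | FIN | RST   # the bits --syn / --tcp-flags look at


@dataclass(frozen=True)
class Packet:
    src: tuple          # (ip, port)
    dst: tuple          # (ip, port)
    flags: int


class StrictHandshakeTracker:
    """Accept a flow only if it is built by SYN -> SYN+ACK -> ACK."""

    def __init__(self):
        # key: (original src, original dst) -> conntrack-like state
        self.table = {}

    def _lookup(self, pkt):
        """Find the flow this packet belongs to and its direction."""
        if (pkt.src, pkt.dst) in self.table:
            return (pkt.src, pkt.dst), "ORIGINAL"
        if (pkt.dst, pkt.src) in self.table:
            return (pkt.dst, pkt.src), "REPLY"
        return (pkt.src, pkt.dst), "NEW"

    def filter(self, pkt):
        """Return (verdict, state_after) for one packet."""
        key, direction = self._lookup(pkt)
        hs = pkt.flags & HANDSHAKE_MASK

        if direction == "NEW":
            # Same idea as accepting only "-p tcp --syn -m state --state NEW":
            # SYN set, ACK/RST/FIN clear. Anything else never creates a flow.
            if hs == SYN:
                self.table[key] = "SYN_SENT"
                return "ACCEPT", "SYN_SENT"
            return "DROP", None

        state = self.table[key]
        if state == "SYN_SENT":
            # Only a SYN+ACK coming back from the responder advances the flow.
            # A bare SYN in the reply direction (packet 2 in the post) is dropped.
            if direction == "REPLY" and hs == SYN | ACK:
                self.table[key] = "SYN_RECV"
                return "ACCEPT", "SYN_RECV"
            return "DROP", state
        if state == "SYN_RECV":
            # Third packet: a pure ACK from the original initiator.
            if direction == "ORIGINAL" and hs == ACK:
                self.table[key] = "ESTABLISHED"
                return "ACCEPT", "ESTABLISHED"
            return "DROP", state
        if state == "ESTABLISHED":
            # Data may flow both ways; a new SYN on a live flow is bogus.
            if hs & SYN:
                return "DROP", state
            return "ACCEPT", state
        return "DROP", state


A = ("192.0.2.1", 25205)     # constructed addresses; ports are from the post
B = ("192.0.2.2", 80)


def run_post_scenario():
    """The two-packet exchange from the post: SYN, then a SYN-only reply."""
    t = StrictHandshakeTracker()
    return [t.filter(Packet(A, B, SYN)),
            t.filter(Packet(B, A, SYN))]


def run_normal_handshake():
    """SYN -> SYN+ACK -> ACK, then one data segment from each side."""
    t = StrictHandshakeTracker()
    return [t.filter(Packet(A, B, SYN)),
            t.filter(Packet(B, A, SYN | ACK)),
            t.filter(Packet(A, B, ACK)),
            t.filter(Packet(A, B, ACK)),
            t.filter(Packet(B, A, ACK))]


if __name__ == "__main__":
    for name, fn in (("post scenario", run_post_scenario),
                     ("normal handshake", run_normal_handshake)):
        print(name)
        for verdict, state in fn():
            print(f"  {verdict:6} state={state}")
```

Running it shows the first SYN accepted and the flow left in SYN_SENT, then the SYN-only reply dropped with the flow still in SYN_SENT, whereas the normal three packets walk the flow to ESTABLISHED. The model also refuses to create a flow for a packet that is not a pure SYN (an ACK or a SYN+ACK arriving out of nowhere), which is the part of the behaviour a `! --syn -m state --state NEW -j DROP` rule gives you in iptables.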