On Mon, Dec 27, 2004 at 04:59:52PM -0800, Shaun Savage wrote: > I am have a problem getting iptables to work with a bain dead linksys > printserver. After is receives a syn packet it send a syn-ack-psh > packet. Is psh allowed here? The conntrack can't find a match and the > packet is INVALID. NO connection. SYN-ACK-PSH is not a valid response to a SYN packet. you will never get iptables (or any stateful firewall) to recognize this as a valid connection. you will have to allow this communication without relying on "-m state." -j
