> Then there were packets flagged as INVALID by conntrack, which are of
> course not matched by the states above. The reject line however matched
> them and dutifully generated the RST segment, which tore down the
> connection.

But what is the reason for the difference in behaviour for -j REJECT vs
-j REJECT --reject-with tcp-reset? Why does one kill the connection and
not the other?

> Enable logging invalid packets by
>
> echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid
>
> and make sure ipt_LOG is loaded in.

Will do this :)

Best regards
Stian B. Barmen
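An added example, not part of the thread: a shell check over `iptables-save` style rules that flags any chain where packets conntrack marks INVALID can reach a `REJECT --reject-with tcp-reset` rule, the situation the quoted reply describes. The function name `audit_rst_rules` and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads iptables-save style rules on
# stdin and flags chains where INVALID packets can reach a tcp-reset REJECT.
# Simplification: any earlier "INVALID ... -j DROP" rule in the same chain
# counts as a guard, regardless of its other matches (protocol, interface).

audit_rst_rules() {
    awk '
        $1 != "-A" { next }
        {
            chain = $2
            invalid = ($0 ~ /(--state|--ctstate) [A-Z,]*INVALID/)
            # An INVALID match with a DROP target guards later rules.
            if (invalid && $0 ~ /-j DROP/)
                guarded[chain] = 1
            # A tcp-reset REJECT applies to INVALID packets when it has no
            # state match at all, or when its state match names INVALID.
            if ($0 ~ /-j REJECT --reject-with tcp-reset/ &&
                ($0 !~ /--state|--ctstate/ || invalid) &&
                !guarded[chain]) {
                print "chain " chain ": INVALID packets reach tcp-reset REJECT"
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: state rules accept known traffic, then reject the rest.
WEAK_RULES='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -p tcp -j REJECT --reject-with tcp-reset'

# Constructed sample: same chain, with INVALID logged and dropped first.
FIXED_RULES='-A INPUT -m state --state INVALID -j LOG --log-prefix "INVALID: "
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -p tcp -j REJECT --reject-with tcp-reset'

printf '%s\n' "$WEAK_RULES" | audit_rst_rules || echo "weak ruleset flagged"
printf '%s\n' "$FIXED_RULES" | audit_rst_rules && echo "fixed ruleset clean"
```

On a live host the same function can be fed the output of `iptables-save`.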