> > Apr 28 22:07:47 fire Invalid: IN=eth1 OUT=
> > MAC=00:d0:b7:1d:cc:7d:00:90:69:f0:b0:20:08:00 SRC=156.56.247.195
> > DST=217.199.xx.18 LEN=1500 TOS=00 PREC=0x00 TTL=53 ID=53186 CE DF
> > PROTO=TCP SPT=80 DPT=33553 SEQ=990104197 ACK=497088462 WINDOW=6432 ACK
> > URGP=0
>
> the only thing that jumps out at me is that all those packets have the
> CE bit set (Congestion Experienced). care to share with us the rule
> that creates those log entries? is it just "-m state --state INVALID -j
> LOG"? i would be very surprised if setting CE caused a packet to be
> identified as INVALID...

Yes of course I share willingly :)

iptables -L INVALIDDROP -n &>/dev/null ||\
iptables -N INVALIDDROP
iptables -A INVALIDDROP -j ULOG --ulog-prefix "Invalid: "
iptables -A INVALIDDROP -j DROP
iptables -A INPUT -m state --state INVALID -j INVALIDDROP

These are the lines from my firewall script. It is, like you say, only
-m state --state INVALID that is used. From my iptables -L you can see
it's right there at the top:

fire root # iptables -L INPUT -n
Chain INPUT (policy DROP)
target       prot opt source               destination
ACCEPT       all  --  127.0.0.0/8          127.0.0.0/8
INVALIDDROP  all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
..... <snip> .....

Best regards
Stian B. Barmen
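The exchange above hinges on reading the fields of a netfilter LOG/ULOG line (key=value pairs, plus bare flag tokens such as CE, DF and the TCP ACK flag) and checking whether the INVALID hits really cluster on packets with CE set. The parser below is an added example, not code from the thread or from the netfilter project: it parses that line format, keeps the numeric TCP ACK field separate from the bare ACK flag, and summarises logged packets per source. The sample lines are constructed for the example, modelled on the entry quoted in the thread; the second source address 198.51.100.7 and the sshd line are made up to show a second group and a non-matching line.

```python
"""Parse iptables LOG/ULOG lines and summarise INVALID hits per source.
Added example, not code from the mailing-list thread."""
import re
from collections import Counter

# Syslog-style header in front of the netfilter fields. The optional "kernel: "
# covers lines written by the LOG target via klogd; ULOG lines like the one in
# the thread carry the --ulog-prefix directly after the host name.
HEADER_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?:kernel: )?(?P<prefix>.*?):?\s*(?P<body>IN=.*)$"
)

# Bare tokens the LOG target emits: IP-header flags first, then TCP flags.
IP_FLAGS = {"CE", "DF", "MF"}
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
# Fields printed as decimal integers; ACK here is the acknowledgement number.
INT_FIELDS = {"LEN", "TTL", "ID", "SPT", "DPT", "SEQ", "ACK", "WINDOW", "URGP"}


def parse_netfilter_log(line):
    """Return a dict of the line's fields, or None if it is not a netfilter log line."""
    m = HEADER_RE.match(line)
    if m is None:
        return None
    rec = {
        "timestamp": m["ts"], "host": m["host"], "prefix": m["prefix"],
        "ip_flags": set(), "tcp_flags": set(), "unknown": [],
    }
    for tok in m["body"].split():
        if "=" in tok:
            key, _, value = tok.partition("=")
            if key in INT_FIELDS and value.isdigit():
                rec[key] = int(value)
            else:
                rec[key] = value  # OUT= stays "" for a locally delivered packet
        elif tok in IP_FLAGS:
            rec["ip_flags"].add(tok)
        elif tok in TCP_FLAGS:
            rec["tcp_flags"].add(tok)  # the bare ACK token is the TCP flag
        else:
            rec["unknown"].append(tok)  # keep unexpected tokens rather than drop them
    return rec


def summarize_invalid(lines, prefix="Invalid"):
    """Group lines carrying the given log prefix by (SRC, PROTO); count how many
    packets in each group had the CE bit and which TCP flags they carried."""
    stats = {}
    for line in lines:
        rec = parse_netfilter_log(line)
        if rec is None or rec["prefix"] != prefix:
            continue
        key = (rec.get("SRC"), rec.get("PROTO"))
        s = stats.setdefault(key, {"total": 0, "ce": 0, "tcp_flags": Counter()})
        s["total"] += 1
        if "CE" in rec["ip_flags"]:
            s["ce"] += 1
        s["tcp_flags"].update(rec["tcp_flags"])
    return stats


# Constructed sample input, modelled on the entry quoted in the thread.
MAC = "MAC=00:d0:b7:1d:cc:7d:00:90:69:f0:b0:20:08:00"
SAMPLE_LINES = [
    "Apr 28 22:07:47 fire Invalid: IN=eth1 OUT= " + MAC + " SRC=156.56.247.195 "
    "DST=217.199.xx.18 LEN=1500 TOS=00 PREC=0x00 TTL=53 ID=53186 CE DF "
    "PROTO=TCP SPT=80 DPT=33553 SEQ=990104197 ACK=497088462 WINDOW=6432 ACK URGP=0",
    "Apr 28 22:07:49 fire Invalid: IN=eth1 OUT= " + MAC + " SRC=156.56.247.195 "
    "DST=217.199.xx.18 LEN=1500 TOS=00 PREC=0x00 TTL=53 ID=53187 CE DF "
    "PROTO=TCP SPT=80 DPT=33553 SEQ=990105657 ACK=497088462 WINDOW=6432 ACK URGP=0",
    # constructed: a second source whose logged packet is a bare RST without CE
    "Apr 28 22:08:01 fire Invalid: IN=eth1 OUT= " + MAC + " SRC=198.51.100.7 "
    "DST=217.199.xx.18 LEN=40 TOS=00 PREC=0x00 TTL=49 ID=1 DF "
    "PROTO=TCP SPT=443 DPT=40000 SEQ=0 ACK=0 WINDOW=0 RST URGP=0",
    # constructed: an unrelated syslog line that the parser must skip
    "Apr 28 22:08:05 fire sshd[4711]: Accepted publickey for stian from 203.0.113.9",
]

if __name__ == "__main__":
    for (src, proto), s in summarize_invalid(SAMPLE_LINES).items():
        flags = " ".join(f"{f}:{n}" for f, n in sorted(s["tcp_flags"].items()))
        print(f"{src:<16} {proto:<4} total={s['total']} ce={s['ce']} flags={flags}")
```

Note that the LOG target prints CE, DF and MF from the flag bits of the IP header's fragment-offset word, separately from the TOS byte, which is why TOS=00 and CE appear on the same line; the summary therefore treats CE as an IP-level flag and reports it alongside the TCP flags so that the two are not confused when reviewing INVALID hits.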