Hi everyone, My question is targeted to understanding Netfilter, because I know that the dropped packets are not impacting on the connection. My firewall is configured like this (showing only the important information): IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT IPTABLES -A FORWARD -p TCP -i $INET -o $LAN --syn --dport http -j ACCEPT and I've been noticing that packets with the ACK PSH flags set are dropped during the connection. I know that it's not because of the connection tracking, since the drops are occurring during the connection, not a long time after the connection, so they are definitely ESTABLISHED packets. And since ESTABLISHED packet should get through, I wonder why those are being blocked. Thanks, Pastorino
