Hi,

I have a question about using NetFilter. Here is a part of my configuration:

    ...
    iptables -A INPUT -m state --state NEW -j LOG --log-prefix "NEW SSH : "
    iptables -A INPUT -m state --state ESTABLISHED -j LOG --log-prefix "ESTABLISHED SSH : "
    iptables -A INPUT -d $IPADDR_ADMIN -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -s $IPADDR_ADMIN -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
    ...

When I send this kind of packet (with the Ftester tool):

    1 - 10.170.225.0:1025 > 10.64.19.212:22 AP TCP 0

I have this trace:

    Apr 25 09:46:39 unzs148 kernel: NEW SSH input : IN=eth0 OUT= MAC=00:0d:60:9a:30:9a:00:0d:60:d5:1a:f0:08:00 SRC=10.170.225.0 DST=10.64.19.212 LEN=55 TOS=0x00 PREC=0x00 TTL=200 ID=1 DF PROTO=TCP SPT=1025 DPT=22 WINDOW=65535 RES=0x00 ACK PSH URGP=0

And the packet has passed the FW!!! The FW sees the packet as a "new connection" (state NEW), and I have never sent a packet with the SYN flag!!!

I'm surprised by this result. Is my configuration wrong?

Thank you. Best regards.

Christophe Thiébaud
France Telecom ROSI/DPS/IEP
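
The packet in the trace above carries only ACK and PSH, yet the rule logging state NEW matched it: in conntrack, NEW means "first packet seen for a flow", not "SYN packet". As an added example (not part of the original post), this Python script parses LOG-target lines and reports TCP packets logged under a prefix starting with NEW that are not a bare SYN; the function names, the reliance on that prefix and the second sample line are assumptions made for the example.

```python
import re

# Netfilter LOG target line: "... kernel: <log-prefix>IN=... key=value ... FLAGS ..."
LOG_RE = re.compile(r"kernel: (?P<prefix>.*?)IN=(?P<rest>.*)$")
TCP_FLAGS = {"SYN", "ACK", "PSH", "FIN", "RST", "URG", "CWR", "ECE"}

# First line is the trace from the post; second is constructed (a normal SYN).
SAMPLE_LOG = [
    "Apr 25 09:46:39 unzs148 kernel: NEW SSH input : IN=eth0 OUT= "
    "MAC=00:0d:60:9a:30:9a:00:0d:60:d5:1a:f0:08:00 SRC=10.170.225.0 "
    "DST=10.64.19.212 LEN=55 TOS=0x00 PREC=0x00 TTL=200 ID=1 DF PROTO=TCP "
    "SPT=1025 DPT=22 WINDOW=65535 RES=0x00 ACK PSH URGP=0",
    "Apr 25 09:47:02 unzs148 kernel: NEW SSH input : IN=eth0 OUT= "
    "MAC=00:0d:60:9a:30:9a:00:0d:60:d5:1a:f0:08:00 SRC=10.170.225.0 "
    "DST=10.64.19.212 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP "
    "SPT=1026 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
]

def parse_log_line(line):
    """Split one LOG-target line into its prefix, key=value fields and TCP flags."""
    m = LOG_RE.search(line)
    if not m:
        return None
    tokens = ("IN=" + m.group("rest")).split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    flags = {t for t in tokens if t in TCP_FLAGS}
    return {"prefix": m.group("prefix").strip(), "fields": fields, "flags": flags}

def is_new_without_syn(entry):
    """True if a NEW-prefixed TCP log entry is not a bare SYN.

    "Bare SYN" follows the iptables --syn definition: SYN set and
    ACK, RST, FIN all clear. Assumes the LOG rule's prefix starts with "NEW".
    """
    if entry is None or entry["fields"].get("PROTO") != "TCP":
        return False
    if not entry["prefix"].startswith("NEW"):
        return False
    bare_syn = "SYN" in entry["flags"] and not entry["flags"] & {"ACK", "RST", "FIN"}
    return not bare_syn

def find_new_without_syn(lines):
    """Return (src, sport, dst, dport, flags) for every offending log line."""
    hits = []
    for entry in map(parse_log_line, lines):
        if is_new_without_syn(entry):
            f = entry["fields"]
            hits.append((f["SRC"], f["SPT"], f["DST"], f["DPT"], sorted(entry["flags"])))
    return hits

if __name__ == "__main__":
    for hit in find_new_without_syn(SAMPLE_LOG):
        print("state NEW matched a non-SYN packet:", hit)
```

The matching firewall-side check is a rule such as `iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP` placed before the ACCEPT rule, so that only SYN packets can open a connection.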