Jozsef Kadlecsik a écrit :
The article must be corrected at one place: the claim: "After an outgoing SYN packet the firewall / NAT router will forward incoming packets with suitable IP addresses and ports to the LAN even if they fail to confirm, or confirm the wrong sequence number (ACK). Linux firewalls at least, clearly fail to evaluate this information consistently." is outdated and not true for 2.6 kernels.
For *recent* 2.6 kernels, with "recent" meaning 2.6.9 and above.
