Hi,
Pat Riehecky wrote:
> I seem to be capturing way more packets than I intend (or even expect!).
> I am running squid and have the firewall rules below running on it. For
> some reason I am capturing hundreds of packets that I don't think should
> be caught.

Maybe someone is scanning you....

> I have increased the timeouts in /proc/ (via sysctl) to fix this, but no
> dice. Anyone have any idea why the sample packet below would be
> captured? It is getting picked up by either the
>
> -A INPUT -p tcp -m tcp ! --syn -m conntrack --ctstate INVALID -j DROP
>
> but sometimes the
>
> -A INPUT -p tcp -m tcp ! --syn -m state --state NEW -j DROP

Take a look at nmap...

> The packet looks to have been requested by squid, it is coming on port
> 80... I also seem to be having the same behavior on the squid side
> where the FIN/ACK packets are being caught by the conntrack rule...
> I know I have something wrong, just what exactly is eluding me...
> Any help would be helpful!
Swifty
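A small diagnostic to go with the two rules quoted above, added here as an example and not code from Pat or Swifty. It assumes each DROP rule is preceded by an otherwise identical LOG rule with the prefixes "DROP-INVALID: " and "DROP-NEW: " (names I chose, not from the thread), parses the kernel LOG lines, and reports which rule fired, on which TCP flags, and the usual reason a non-SYN packet ends up there. The background it relies on: a TCP packet that matches no conntrack entry is classified INVALID when it carries FIN or RST, and a bare ACK with no entry is picked up mid-stream as NEW when nf_conntrack_tcp_loose is 1 (the default), which the "! --syn ... NEW" rule then drops. The log lines in the block are constructed (documentation addresses).

```python
"""Summarise iptables LOG output so you can see which of the two DROP rules
fires, on which TCP flags, and why a non-SYN packet ended up there.

Added example for this thread, not code from the posters.  It assumes the
two DROP rules were each preceded by an identical LOG rule, e.g.

  -A INPUT -p tcp ! --syn -m conntrack --ctstate INVALID \
      -j LOG --log-prefix "DROP-INVALID: "
  -A INPUT -p tcp ! --syn -m state --state NEW \
      -j LOG --log-prefix "DROP-NEW: "

The prefix names are my own choice; the log lines below are constructed.
"""
import re
from collections import Counter

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

# "kernel:", an optional "[ 123.456]" uptime stamp, the --log-prefix text, then IN=
_PREFIX_RE = re.compile(r"kernel:\s*(?:\[\s*[\d.]+\]\s*)?(?P<prefix>.*?)\s*IN=")


def parse_log_line(line):
    """Return prefix, endpoints and TCP flag set for one LOG line.

    Returns None for lines that are not TCP iptables LOG records.
    """
    m = _PREFIX_RE.search(line)
    if not m:
        return None
    fields, flags = {}, set()
    for tok in line[m.end("prefix"):].split():
        if "=" in tok:                 # KEY=VALUE pairs (IN, SRC, SPT, PROTO, ...)
            key, val = tok.split("=", 1)
            fields[key] = val
        elif tok in TCP_FLAGS:         # bare flag tokens: ACK FIN SYN RST PSH URG
            flags.add(tok)
    if fields.get("PROTO") != "TCP":
        return None
    return {
        "prefix": m.group("prefix").rstrip(": "),
        "src": fields.get("SRC"),
        "dst": fields.get("DST"),
        "spt": int(fields.get("SPT", 0)),
        "dpt": int(fields.get("DPT", 0)),
        "flags": frozenset(flags),
    }


def likely_cause(rec):
    """Heuristic reason a non-SYN packet reached the DROP rules.

    Conntrack classifies a TCP packet that matches no existing entry as
    INVALID when it carries FIN or RST, and (with nf_conntrack_tcp_loose=1,
    the default) as NEW when it is a bare ACK, which the '! --syn ... NEW'
    rule then drops.
    """
    f = rec["flags"]
    if "FIN" in f or "RST" in f:
        return ("no conntrack entry for this connection any more "
                "(entry timed out, table full, or never tracked)")
    if f == {"ACK"} or f == {"ACK", "PSH"}:
        return ("bare ACK with no conntrack entry: picked up mid-stream as NEW "
                "because nf_conntrack_tcp_loose=1, then dropped by ! --syn")
    return "unexpected flag combination; compare with conntrack -L output"


def summarize(lines):
    """Count drops per (rule, flag combination) and per rule for replies from port 80."""
    by_rule, from_port80 = Counter(), Counter()
    for line in lines:
        rec = parse_log_line(line)
        if rec is None:
            continue
        by_rule[(rec["prefix"], "/".join(sorted(rec["flags"])))] += 1
        if rec["spt"] == 80:           # replies to squid's outbound HTTP fetches
            from_port80[rec["prefix"]] += 1
    return {"by_rule": dict(by_rule), "from_port80": dict(from_port80)}


# Constructed sample: documentation addresses, the squid box is 192.0.2.5.
SAMPLE_LOG = [
    "Jan 10 12:00:01 proxy kernel: DROP-INVALID: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.10 DST=192.0.2.5 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=80 DPT=48122 WINDOW=114 RES=0x00 ACK FIN URGP=0",
    "Jan 10 12:00:01 proxy kernel: [ 9021.443211] DROP-INVALID: IN=eth0 OUT= SRC=203.0.113.11 DST=192.0.2.5 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=80 DPT=48130 WINDOW=235 RES=0x00 ACK FIN URGP=0",
    "Jan 10 12:00:02 proxy kernel: DROP-NEW: IN=eth0 OUT= SRC=203.0.113.12 DST=192.0.2.5 LEN=1500 TOS=0x00 PREC=0x00 TTL=51 ID=4121 DF PROTO=TCP SPT=80 DPT=48140 WINDOW=235 RES=0x00 ACK URGP=0",
    "Jan 10 12:00:03 proxy kernel: DROP-INVALID: IN=eth0 OUT= SRC=203.0.113.13 DST=192.0.2.5 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=80 DPT=48150 WINDOW=0 RES=0x00 RST URGP=0",
    "Jan 10 12:00:04 proxy squid[1234]: Accepting HTTP connections on port 3128",
]

if __name__ == "__main__":
    for rule, n in summarize(SAMPLE_LOG)["by_rule"].items():
        print(n, rule)
    for line in SAMPLE_LOG:
        rec = parse_log_line(line)
        if rec:
            print(rec["prefix"], rec["src"], rec["spt"], "->", rec["dpt"], ":", likely_cause(rec))
```

Feed it the kernel log (/var/log/messages or the output of dmesg) after inserting the LOG rules immediately in front of the DROPs so they see exactly the same packets; the per-rule counts tell you whether the bulk is late FIN/ACKs (expired entries, so the timeouts and nf_conntrack_count vs nf_conntrack_max are worth checking) or mid-stream ACKs picked up as NEW.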