On Wednesday 2008-06-18 20:03, Gáspár Lajos wrote: > Douglas Rabe írta: >> Greetings, >> >> I dont understand why this traffic is dropped? >> >> Jun 18 17:03:39 iahabs1 kernel: IN_DROP: IN=eth0 OUT= >> MAC=00:1c:23:ca:ec:1d:00:1b:53:87:68:c0:08:00 SRC=10.192.130.104 >> DST=192.168.51.1 LEN=40 TOS=0x00 PREC=0x00 TTL=119 ID=5563 DF PROTO=TCP >> SPT=35557 DPT=80 WINDOW=65149 RES=0x00 ACK FIN URGP=0 > > Because it is a FIN packet... = ! (NEW,RELATED or ESTABLISHED) but > INVALID !!! Seriously, FIN packets should not be dropped, otherwise a connection is lurking around until it times out. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
