>On Wednesday 2008-06-18 20:03, Gáspár Lajos wrote: > >> Douglas Rabe wrote: >>> Greetings, >>> >>> I dont understand why this traffic is dropped? >>> >>> Jun 18 17:03:39 iahabs1 kernel: IN_DROP: IN=eth0 OUT= >>> MAC=00:1c:23:ca:ec:1d:00:1b:53:87:68:c0:08:00 SRC=10.192.130.104 >>> DST=192.168.51.1 LEN=40 TOS=0x00 PREC=0x00 TTL=119 ID=5563 DF PROTO=TCP >>> SPT=35557 DPT=80 WINDOW=65149 RES=0x00 ACK FIN URGP=0 >> >> Because it is a FIN packet... = ! (NEW,RELATED or ESTABLISHED) but >> INVALID !!! > >Seriously, FIN packets should not be dropped, otherwise a connection >is lurking around until it times out. So, how do I fix my firewall not to drop these FIN packets? iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT There is no --state FIN is there? -- Douglas Rabe drabe@xxxxxxxxxx 315-234-7995 -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
