Hi Gáspár,

--- On Fri, 6/20/08, Gáspár Lajos wrote:

> Doug Kehn wrote:
> > The connections do hang if I change the rule to:
> >
> > iptables -t raw -A PREROUTING -d ! 192.168.2.0/255.255.255.0 -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK ACK -m tcp --dport 80 -j NOTRACK
> >
> > This makes sense, I believe, because the ACK to the SYN-ACK wouldn't be tracked and the connection state would never reach ESTABLISHED.
> >
> What about the UNTRACKED state???

I get the same result with UNTRACKED. 8(

Thanks,
...doug