> For Netfilter connection tracking, a NEW TCP connection does not have to > start with a SYN packet. If > /proc/sys/net/netfilter/nf_conntrack_tcp_loose is set to 1 (default), > Netfilter will try to pick up connection. By this mean, it is possible > to recover a connection (in some fail-over case for example), but it > introduces this looking-weird-at-first behaviour. > > BR, > - -- > Eric Leblond <eleblond@xxxxxx> because of that netfilter put it in INPUT-Chain? and I wonder why it occurs randomly. Should I switch to nf_conntrack_tcp_loose 0? -- Psssst! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger01 -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
