> I'm just guessing, but what I know from my FW logs, is that IE tends to > send packets in INVALID state. > That would explain, why there's no problem with Firefox. I would also expect to see this, but I don't think the packet is even making it to the filter section. I have logging for anything dropped and yet nothing is coming in from originating IP's that are affected. I will probably do something painful and put more logging in the chains to see if I can better catch the problem. The only issue I have is that the problem is random. I will definitely look for that though. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
