On Saturday 2010-06-12 16:12, Narendra Choyal wrote:

> iptables -A INPUT -p tcp -i eth0 --tcp-flags ACK,SYN,FIN,RST,URG,PSH RST -j DROP
>
> if you are using the above iptables rule then this will stop breaking of
> the connection, like if you make an ssh connection then this will
> not break the connection.

This is flawed, it basically ignores any RST, which means connections will hang around until they time out. And that in turn can be up to 5 days.
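As an added illustration (not code from the thread), a small shell model of how the iptables `--tcp-flags MASK COMP` match is evaluated, applied to the quoted rule: of the flags named in MASK, exactly those named in COMP must be set. The packet flag sets are constructed, and the helper names (`has_flag`, `tcp_flags_match`, `verdict`) are mine.

```shell
#!/bin/sh
# Model of the iptables --tcp-flags MASK COMP match: of the flags listed in
# MASK, exactly those listed in COMP must be set; flags outside MASK are ignored.
# Flag names are comma-separated, e.g. "ACK,SYN,FIN,RST,URG,PSH".

# has_flag LIST FLAG -> exit 0 if FLAG appears in the comma-separated LIST
has_flag() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# tcp_flags_match MASK COMP PKT_FLAGS -> exit 0 if the rule matches the packet
tcp_flags_match() {
    mask=$1; comp=$2; pkt=$3
    for f in $(printf '%s' "$mask" | tr ',' ' '); do
        if has_flag "$comp" "$f"; then
            has_flag "$pkt" "$f" || return 1   # a required flag is clear
        else
            has_flag "$pkt" "$f" && return 1   # a forbidden flag is set
        fi
    done
    return 0
}

# The rule quoted in the thread:
#   -p tcp --tcp-flags ACK,SYN,FIN,RST,URG,PSH RST -j DROP
RULE_MASK=ACK,SYN,FIN,RST,URG,PSH
RULE_COMP=RST

# verdict PKT_FLAGS -> prints DROP if the rule matches, otherwise ACCEPT
# (i.e. the packet falls through to later rules)
verdict() {
    if tcp_flags_match "$RULE_MASK" "$RULE_COMP" "$1"; then
        echo DROP
    else
        echo ACCEPT
    fi
}

# Constructed sample flag sets (not real captures):
for pkt in RST RST,ACK SYN ACK,PSH FIN,ACK; do
    printf '%-8s -> %s\n' "$pkt" "$(verdict "$pkt")"
done
# Only the bare RST is dropped. A peer that has lost its state tears down an
# established connection with exactly that kind of segment, so dropping it
# leaves the local socket and its conntrack entry in place until the TCP
# established timeout the reply refers to expires.
```

If the goal is to reject stray or forged segments, matching on connection state (`-m conntrack --ctstate INVALID -j DROP`) does so without suppressing legitimate resets.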