Hi,
On 202-03-19 16:39, Micheal Wolfskill wrote:
> It's not affecting the normal viewing of my site.. but I wish to know
> why it is matching these packets as I am sure it should not.
Don't be so sure! :D
AFAIK iptables/netfilter uses a different state machine than the TCP
stack in the kernel...
http://userpages.umbc.edu/~jeehye/cmsc491b/lectures/tcpstate/sld001.htm
http://www.lug.or.kr/docs/iptables-tutorial/chunkyhtml/c4219.htm
On this page:
http://www.lug.or.kr/docs/iptables-tutorial/chunkyhtml/x4436.htm
"If the connection is reset by a RST packet, the state is changed to
CLOSE. This means that the connection per default has 10 seconds before
the whole connection is definitely closed down. RST packets are not
acknowledged in any sense, and will break the connection directly."
Maybe that is the source of your problem. Or there may be some timing
issues (lifetime of a connection, etc.)
Swifty