Hi, Recently, we had some DDoS type attacks on our servers, so in an attempt to secure our systems, we added some iptables rules, which seems to work quite well on most of our servers. Even on systems dedicated to Squid, all seems to run well. However, one rule in particular seems to catch up a lot of entries in Squid machines, which are almost non-existent on the other non-Squid machines: -A OUTPUT -p tcp -m tcp --tcp-flags RST RST -j OUTRST -m comment --comment "OUTPUT: Catch RST pkt" -A OUTRST -j LOG --log-prefix "OUTRST: " -A OUTRST -j DROP -m comment --comment "OUTRST: Drop outbound RST" >From what we have seen, this does not seem to have a detrimental affect on Squid Proxy. But, out of academic interest, we would still like to learn more on why so many RST packets would be generated from the server itself. Can anyone shed some light? Regards HASSAN
