Re: Help with invalid packets.
|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
Hi, 202-03-19 16:39 keltezéssel, Micheal Wolfskill írta:
Its not affecting the normal viewing of my site.. but I wish to know why it is matching these packets as Iam sure it should not.
Don't be so sure! :DAFAIK iptables/netfilter uses a different state machine than the TCP stack in the kernel...
http://userpages.umbc.edu/~jeehye/cmsc491b/lectures/tcpstate/sld001.htm http://www.lug.or.kr/docs/iptables-tutorial/chunkyhtml/c4219.htmOn this page: http://www.lug.or.kr/docs/iptables-tutorial/chunkyhtml/x4436.htm
"If the connection is reset by a RST packet, the state is changed to CLOSE. This means that the connection per default has 10 seconds before the whole connection is definitely closed down. RST packets are not acknowledged in any sense, and will break the connection directly."
Maybe that is the source of your problem. Or there may be some timing issues (lifetime of a connection, etc.)
Swifty -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html