[Bug 706] Iptables randomly reject some packets that have accept rule

bugzilla-daemon at bugzilla.netfilter.org
Sat Mar 5 13:54:56 CET 2011


http://bugzilla.netfilter.org/show_bug.cgi?id=706


Jan Engelhardt <jengelh at medozas.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WORKSFORME




--- Comment #3 from Jan Engelhardt <jengelh at medozas.de>  2011-03-05 13:54:55 ---
>I no longer check for state NEW on dstport 443, and now I no longer have any packets rejected

Hm, that would support the theory of packets being possibly INVALID. You can
test this specifically by adding a rule in that location with -m conntrack
--ctstate INVALID -p tcp --dport 443 -j LOG --log-prefix "inv-443: " or
something like that.
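
An added example, not part of the bug report or of Jan Engelhardt's comment: the suggested LOG rule written out in full, plus a small summarizer for the lines it produces. The INPUT chain, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# The rule from the comment, in full. The INPUT chain is an assumption;
# place it just before the rule that matches --ctstate NEW on port 443:
#   iptables -I INPUT -m conntrack --ctstate INVALID -p tcp --dport 443 \
#            -j LOG --log-prefix "inv-443: "

# Constructed sample of kernel log lines as written by the LOG target.
sample_log() {
cat <<'EOF'
Mar  5 13:40:01 fw kernel: inv-443: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51512 DPT=443 WINDOW=0 RES=0x00 ACK RST URGP=0
Mar  5 13:40:02 fw kernel: inv-443: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51513 DPT=443 WINDOW=0 RES=0x00 ACK RST URGP=0
Mar  5 13:41:10 fw kernel: inv-443: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=4711 DF PROTO=TCP SPT=40022 DPT=443 WINDOW=501 RES=0x00 ACK FIN URGP=0
Mar  5 13:41:11 fw kernel: other-rule: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=4712 DF PROTO=TCP SPT=40023 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
EOF
}

# Read kernel log lines on stdin and print "count source flags" for every
# packet logged with the inv-443 prefix, most frequent first.
summarize_inv443() {
    awk '
    index($0, "inv-443: ") {
        src = ""; flags = ""; in_flags = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)        src = substr($i, 5)
            else if ($i ~ /^RES=/)   in_flags = 1   # TCP flags follow RES=
            else if ($i ~ /^URGP=/)  in_flags = 0   # and end before URGP=
            else if (in_flags)       flags = flags (flags == "" ? "" : ",") $i
        }
        if (flags == "") flags = "none"
        count[src " " flags]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

sample_log | summarize_inv443
```

On a live system, feed it the kernel log instead of the sample, for example `dmesg | summarize_inv443`.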

