[NETFILTER]: tcp_conntrack: accept RST|PSH as valid
Pablo Neira Ayuso
pablo at netfilter.org
Sun Mar 11 18:43:07 CET 2007
Willy Tarreau wrote:
> This combination has been encountered on an IBM AS/400 in response
> to packets sent to a closed session. There is no particular reason
> to mark it invalid.
I wonder if it is time to document this stuff. Would an interface to
configure valid TCP flags settings from userspace be too much? Of
course, we would have a default configuration setup for them.
The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris