ACK PSH blocked
Carlos Pastorino
carlos.pastorino at gmail.com
Fri Nov 4 17:35:33 CET 2005
Hi everyone,
My question is targeted to understanding Netfilter, because I know
that the dropped packets are not impacting on the connection.
My firewall is configured like this (showing only the important information):
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p TCP -i $INET -o $LAN --syn --dport http -j ACCEPT
and I've been noticing that packets with the ACK PSH flags set are
dropped during the connection.
I know that it's not because of the connection tracking, since the
drops are occurring during the connection, not a long time after the
connection, so they are definitely ESTABLISHED packets. And since
ESTABLISHED packets should get through, I wonder why those are being
blocked.
Thanks,
Pastorino