Re: iptables in 2.4.10, 2.4.11pre6 problems

From: Jeffrey W. Baker (
Date: Tue Oct 09 2001 - 12:07:05 EST

On 9 Oct 2001, Trever L. Adams wrote:

> I am seeing messages such as:
> Oct 9 12:52:51 smeagol kernel: Firewall:IN=ppp0 OUT= MAC=
> ID=1093 DF PROTO=TCP SPT=80 DPT=33157 WINDOW=34752 RES=0x00 ACK FIN
> URGP=0
> In my firewall logs. I see them for ACK RST as well. These are valid
> connections. My rules follow for the most part (a few allowed
> connections to the machine in question have been removed from the
> list). This often leaves open connections in a half closed state on
> machines behind this firewall. It also some times kills totally open
> connections and I see packets rejected that should be allowed through.

I see this too. iptables is refusing packets on locally-initiated TCP
connections when the RELATED,ESTABLISHED rule should be letting them

I mentioned this problem on the netfilter list but my message fell into
a black hole and was apparently beyond the horizon of the developers.


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Mon Oct 15 2001 - 21:00:26 EST