ACK PSH FIN Drops by Netfilter
Hello,
I'm interested in solving the following problem:
I wrote netfilter rules for Kernel 2.4. Everything works fine. All
wanted services are working properly, but anyway my global DROP rule
drops HTTP packets in which the options ACK PSH FIN are set. I don't know
if all packets of that kind are dropped, but I observe quite a lot of
them. HTTP traffic is about 5 MBit/sec and netfilter drops about 2
packets per second.
Question: Why does netfilter do this? Is there a possibility that the
conntrack doesn't know these connections anymore? In which context are
these TCP options set?
Thx.
--
____ ______
/ __ \/ ____/ *** Dipl.-Inform. Oliver Fritz ***
/ / / / /_ phone: +49 175 xxxxxxxx
/ /_/ / __/ mail: oliver@oliver-fritz.de
\____/_/ WWW: http://www.oliver-fritz.de
*** Life starts at 9000 RPM ***