Re: iptables conntrack: packets not matching a rule occasionally?

To: debian-isp@lists.debian.org
Subject: Re: iptables conntrack: packets not matching a rule occasionally?
From: Marc Schiffbauer <marc@schiffbauer.net>
Date: Thu, 2 Aug 2007 01:06:34 +0200
Message-id: <[🔎] 20070801230634.GA22279@schiffbauer.lan>
Mail-followup-to: debian-isp@lists.debian.org
In-reply-to: <[🔎] 46B09D77.2030609@genac.org>
References: <[🔎] 20070801135024.GA14679@schiffbauer.lan> <[🔎] 46B09D77.2030609@genac.org>

* Héctor González schrieb am 01.08.07 um 16:49 Uhr:
> You might try a rule to match "state INVALID", and see if it catches
> them.  It might be someone probing your firewall.

makes sense. The new rule matches those packets indeed.

Seems like I did not pay enough attention to the TCP flags.

Thanks Héctor!

-Marc
-- 
begin  LOVE-LETTER-FOR-YOU.txt.vbs
I am a signature virus. Distribute me until the bitter
end

Reply to:

Follow-Ups:
- Re: iptables conntrack: packets not matching a rule occasionally?
  - From: Håkon Alstadheim <hakon@alstadheim.priv.no>

References:
- iptables conntrack: packets not matching a rule occasionally?
  - From: Marc Schiffbauer <marc@schiffbauer.net>
- Re: iptables conntrack: packets not matching a rule occasionally?
  - From: Héctor González <cacho@genac.org>

Prev by Date: Re: iptables conntrack: packets not matching a rule occasionally?
Next by Date: amavis-new not adding X-Spam-Status header
Previous by thread: Re: iptables conntrack: packets not matching a rule occasionally?
Next by thread: Re: iptables conntrack: packets not matching a rule occasionally?
Index(es):
- Date
- Thread