At 11:57 Uhr -0700 01.09.2007, Darren Reed wrote:
And is http://www.phildev.net/ipf/IPFprob.html#prob9 of any relevance here?
Sort of. Once the connection is gone from the state table, it has
to be able to be recreated. So if you only have "flags S keep state"
then the state won't be recreated when an ACK comes along.
It looks like adding a "flags S" to all of the "block return-rst ...
proto tcp" rules has taken care of the problem.
hauke
--
The ASCII Ribbon Campaign Hauke Fath
() No HTML/RTF in email Institut für Nachrichtentechnik
/\ No Word docs in email TU Darmstadt
Respect for open standards Ruf +49-6151-16-3281