Giulio Orsero wrote:
> On Tue, 18 May 1999 15:11:19 +0200, you wrote:
>
> >my firewall runs diald 0.16.5 on rh 5.2; clients run dialmon.
> >Sometimes diald dials again after a client disconnects and shuts down
> >the browser (Netscape 4.5).
>
> Probably they are ACK or RST packets, you can see that from the log.
> If this is the case you can block reconnecting by inserting rules as:
>
> keepup tcp 180 tcp.ack,tcp.source=tcp.www
> keepup tcp 180 tcp.ack,tcp.dest=tcp.www
> keepup tcp 90 tcp.ack,tcp.source=tcp.ftp-data
> keepup tcp 90 tcp.ack,tcp.dest=tcp.ftp-data
> keepup tcp 90 tcp.ack,tcp.source=tcp.ftp
> keepup tcp 90 tcp.ack,tcp.dest=tcp.ftp
> keepup tcp 20 tcp.ack
> ignore tcp tcp.ack
>
> Before the accepting rules.
>
> So ACK packets will keep the link up, but not bring it up.
>
> The reason is that when you shut down a client that had not completely closed
> the connection, it tries to do it at that moment by sending some packets over
> the network.

AT LAST!!! I've lost count of the number of times that question has been asked
on this list and this is the first time I've seen an informed answer. And a cure
to boot!

But I must confess I still don't understand why the browser needs to
'disconnect'. I thought http was a stateless (i.e. connectionless) protocol.

--
[EMAIL PROTECTED] Ralph Clark, Virgo Solutions Ltd (UK)
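
A simplified first-match model of the rules quoted above, as an added example that is not part of the original thread and not diald's own code. The port numbers, the 120-second catch-all accept rule and the packet timings are assumptions constructed for illustration; the model shows a late ACK from a closing browser redialling the link when only accept rules exist, and not redialling when the keepup rules come first.

```python
# Simplified model of a first-match packet filter for a dial-on-demand link.
# Assumption: this is illustrative code, not diald's implementation.
WWW, FTP, FTP_DATA = 80, 21, 20  # assumed values behind tcp.www / tcp.ftp / tcp.ftp-data

def ack_on(field=None, port=None):
    """Match packets with ACK set, optionally on a source or destination port."""
    return lambda p: p["ack"] and (field is None or p[field] == port)

# The quoted rules in file order: (action, timeout in seconds, condition).
ACK_RULES = [
    ("keepup", 180, ack_on("sport", WWW)), ("keepup", 180, ack_on("dport", WWW)),
    ("keepup", 90, ack_on("sport", FTP_DATA)), ("keepup", 90, ack_on("dport", FTP_DATA)),
    ("keepup", 90, ack_on("sport", FTP)), ("keepup", 90, ack_on("dport", FTP)),
    ("keepup", 20, ack_on()),
    ("ignore", 0, ack_on()),
]
# Hypothetical stand-in for the "accepting rules" that follow in the filter file.
ACCEPT_RULES = [("accept", 120, lambda p: True)]

def dial_times(packets, rules):
    """Return the times at which the link is dialled, starting with it down."""
    dials, up_until = [], None
    for t, pkt in packets:
        if up_until is not None and t >= up_until:
            up_until = None  # idle timeout expired, link hung up
        action, timeout = next(((a, s) for a, s, cond in rules if cond(pkt)), ("ignore", 0))
        if action == "ignore":
            continue
        if up_until is None:
            if action == "keepup":
                continue  # keepup may extend a live link but never dials
            dials.append(t)
            up_until = t + timeout
        else:
            up_until = max(up_until, t + timeout)
    return dials

# Constructed traffic: (seconds, packet). A browser fetch, then a late close.
TRAFFIC = [
    (0, {"ack": False, "sport": 40000, "dport": WWW}),   # SYN opens the connection
    (1, {"ack": True, "sport": WWW, "dport": 40000}),    # server reply
    (5, {"ack": True, "sport": 40000, "dport": WWW}),    # last data ACK
    (400, {"ack": True, "sport": 40000, "dport": WWW}),  # FIN/ACK when the browser exits
]

if __name__ == "__main__":
    print("accept only:", dial_times(TRAFFIC, ACCEPT_RULES))
    print("ACK rules first:", dial_times(TRAFFIC, ACK_RULES + ACCEPT_RULES))
```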