Hi, I use kernel version 2.4.17 and 2.4.18 (Debian 2.2) and I have this rule in my IPtables settings:

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "IPTABLES NEW not SYN: "

I think that every NEW tcp connection must have the syn flag set, so I put this rule there. I was surprised how often I see in the log file something like this:

Mar 20 16:25:38 odin kernel: IPTABLES NEW not SYN: IN=eth0 OUT= MAC=00:01:02:a5:17:2c:00:60:3e:81:66:c9:08:00 SRC=SOMEIP DST=MYIP LEN=80 TOS=0x10 PREC=0x00 TTL=60 ID=12256 DF PROTO=TCP SPT=1412 DPT=21 WINDOW=32120 RES=0x00 ACK PSH URGP=0

I hope my rule shown above is fine, so I don't know if there is a bug in netfilter or I'm not right.

--
Martin Pavlas
Pwrgeneration.net ICC s.r.o.
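Added example, not part of the post above: a small Python triage script that parses iptables LOG lines of the form shown, separates the bare flag tokens (ACK, PSH, DF, ...) from the KEY=value fields, and buckets every "NEW not SYN" hit by whether ACK was set, which distinguishes mid-stream segments that conntrack has no state for (the ACK PSH packet in the post) from packets carrying neither SYN nor ACK. The second and third sample lines and the 192.0.2.x addresses are constructed for the example.

```python
from collections import Counter

# Bare tokens the iptables LOG target emits without a "=value" part.
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}
IP_FLAGS = {"DF", "MF", "CE"}

def parse_log_line(line):
    """Parse one iptables LOG line into a dict of KEY=value fields plus a 'flags' set."""
    kern = line.find("kernel: ")
    start = line.find("IN=")
    if kern < 0 or start < 0:
        raise ValueError("not an iptables LOG line: %r" % line)
    rec = {"prefix": line[kern + len("kernel: "):start].strip(), "flags": set()}
    for tok in line[start:].split():
        if "=" in tok:
            key, value = tok.split("=", 1)   # "OUT=" yields an empty value
            rec[key] = value
        elif tok in TCP_FLAGS or tok in IP_FLAGS:
            rec["flags"].add(tok)
    return rec

def classify(rec):
    """Triage bucket for a TCP packet that conntrack called NEW."""
    flags = rec["flags"]
    if rec.get("PROTO") != "TCP":
        return "not-tcp"
    if "SYN" in flags:
        return "syn"                  # a real handshake start; the rule never matches these
    if "ACK" in flags:
        return "ack-without-state"    # mid-stream segment conntrack has no entry for
    return "no-syn-no-ack"            # neither a handshake nor established traffic

def summarize(lines, prefix="IPTABLES NEW not SYN"):
    """Count hits of the logging rule per (SRC, DPT, bucket) so patterns stand out."""
    hits = Counter()
    for line in lines:
        rec = parse_log_line(line)
        if rec["prefix"].startswith(prefix):
            hits[(rec["SRC"], rec["DPT"], classify(rec))] += 1
    return hits

# Constructed sample: the line from the post plus two made-up lines (RFC 5737 addresses).
SAMPLE_LINES = [
    "Mar 20 16:25:38 odin kernel: IPTABLES NEW not SYN: IN=eth0 OUT= MAC=00:01:02:a5:17:2c:00:60:3e:81:66:c9:08:00 "
    "SRC=SOMEIP DST=MYIP LEN=80 TOS=0x10 PREC=0x00 TTL=60 ID=12256 DF PROTO=TCP SPT=1412 DPT=21 WINDOW=32120 RES=0x00 ACK PSH URGP=0",
    "Mar 20 16:26:01 odin kernel: IPTABLES NEW not SYN: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=1 PROTO=TCP SPT=40000 DPT=22 WINDOW=1024 RES=0x00 FIN URGP=0",
    "Mar 20 16:26:05 odin kernel: IPTABLES NEW not SYN: IN=eth0 OUT= SRC=SOMEIP DST=MYIP LEN=52 TOS=0x10 PREC=0x00 TTL=60 ID=12257 DF PROTO=TCP SPT=1412 DPT=21 WINDOW=32120 RES=0x00 ACK URGP=0",
]
```

Feed the output of `grep "NEW not SYN" /var/log/kern.log` to `summarize()`; a source that repeats in the "ack-without-state" bucket on one port is usually an existing connection that conntrack lost track of, which is a different problem from a source that shows up in "no-syn-no-ack".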
