Hi all,

I've noticed something strange with my firewall. I usually leave some ssh connections open through the firewall overnight, but I reboot the firewall every night. For ssh I have some very strict rules regarding new connections (tcp-flags ALL SYN), and up till now this caused the connections to be dropped during the reboot of the firewall.

However, this morning I came in and the connection was still active. The firewall did record new activity, but only the ACK flag was set for the new connection. How should I interpret this behaviour? To me it seems that iptables did not apply my rules as strictly as I defined them, which doesn't sound like a very solid basis for a production firewall...

Cheers,
Simon

PS: this is a Debian woody PC (2.4.18 kernel, iptables 1.2.6a).
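As an added example (not part of Simon's post), the Python below models how iptables evaluates `--tcp-flags MASK COMP` and runs it over two constructed LOG lines: the ACK-only packet seen after the reboot cannot match `--tcp-flags ALL SYN`, so if it was accepted, some other rule in the chain (for example a state ESTABLISHED match, which the post does not show) must have let it through. The log format, addresses and ports are constructed for the example.

```python
# Added example: a model of iptables' "--tcp-flags MASK COMP" match,
# applied to constructed LOG-target lines in the kernel 2.4 era format.
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL_FLAGS = 0x3F  # what the keyword ALL expands to

def flags_to_bits(spec):
    """Turn a flag list such as 'SYN,ACK', or the keywords ALL/NONE, into a bitmask."""
    if spec == "ALL":
        return ALL_FLAGS
    if spec == "NONE":
        return 0
    bits = 0
    for name in spec.split(","):
        bits |= TCP_FLAGS[name.strip()]
    return bits

def tcp_flags_match(packet_flags, mask, comp):
    """iptables semantics: of the MASK bits, exactly the COMP bits must be set."""
    return (flags_to_bits(packet_flags) & flags_to_bits(mask)) == flags_to_bits(comp)

def flags_in_log_line(line):
    """Collect the bare flag words (ACK, SYN, ...) that the LOG target prints."""
    names = [tok for tok in line.split() if tok in TCP_FLAGS]
    return ",".join(names) if names else "NONE"

def passes_strict_syn_rule(line):
    """True only if the logged packet could match '--tcp-flags ALL SYN'."""
    return tcp_flags_match(flags_in_log_line(line), "ALL", "SYN")

# Constructed log lines (not real captures); addresses are documentation ranges.
LOG_NORMAL_OPEN = ("IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP "
                   "SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0")
LOG_AFTER_REBOOT = ("IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP "
                    "SPT=40000 DPT=22 WINDOW=5840 RES=0x00 ACK URGP=0")

if __name__ == "__main__":
    for label, line in (("normal open", LOG_NORMAL_OPEN),
                        ("after reboot", LOG_AFTER_REBOOT)):
        print(f"{label}: flags={flags_in_log_line(line)} "
              f"strict SYN rule matches={passes_strict_syn_rule(line)}")
    # --syn is shorthand for --tcp-flags SYN,RST,ACK,FIN SYN: it ignores PSH and
    # URG, so a SYN+PSH packet passes it but not the stricter ALL form.
    print("SYN,PSH vs --syn:", tcp_flags_match("SYN,PSH", "SYN,RST,ACK,FIN", "SYN"))
    print("SYN,PSH vs ALL SYN:", tcp_flags_match("SYN,PSH", "ALL", "SYN"))
```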
