On Sun, 11 Dec 2011 20:03:59 -0500 (EST) Wietse Venema <wie...@porcupine.org> wrote:
> Wietse Venema: > > > bge1 @0:24 b <my_outside_ip>,25 -> 89.73.201.168,36545 PR > > > tcp len 20 40 -AR OUT > > > > Why are you blocking outbound TCP RST? > > According to ipmon(8), The web is rotting my brain. I never thought to actually check, you know, the manual page. Good. Grief. > -AR means the ACK and RST flags are set. > My question is why is your firewall blocking outbound ACK|RST? I'm using basically "canned" rulesets in my ipfilter setup. That is the default deny at the end of bge1's output filters. I must've messed-up, somewhere. I'll take a look in the morning. Thanks, Wietse, Sahil, for the education. Regards, Jim -- Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at <http://jimsun.LinxNet.com/contact/scform.php>.