[Firehol-support] Strange problem...

Wed Dec 17 13:40:42 CET 2008

Sim wrote:
> And in this case?
>
> Dec 17 08:54:48 lan kernel: [583093.117359] 'PASS-unknown:'IN=eth1
> OUT=ppp0 SRC=192.168.0.200 DST=216.218.211.34 LEN=40 TOS=0x00
> PREC=0x00 TTL=127 ID=3433 DF PROTO=TCP SPT=14321 DPT=80 WINDOW=64859
> RES=0x00 ACK FIN URGP=0
> Dec 17 08:55:23 lan kernel: [583128.285620] 'PASS-unknown:'IN=eth1
> OUT=ppp0 SRC=192.168.0.200 DST=216.218.211.34 LEN=40 TOS=0x00
> PREC=0x00 TTL=127 ID=3578 DF PROTO=TCP SPT=14321 DPT=80 WINDOW=64859
> RES=0x00 ACK FIN URGP=0
> Dec 17 09:01:11 lan kernel: [583475.518155] 'PASS-unknown:'IN=eth1
> OUT=ppp0 SRC=192.168.0.67 DST=66.249.91.104 LEN=40 TOS=0x00 PREC=0x00
> TTL=127 ID=788 DF PROTO=TCP SPT=49200 DPT=80 WINDOW=16445 RES=0x00 ACK
> FIN URGP=0
> Dec 17 09:01:11 lan kernel: [583476.117360] 'PASS-unknown:'IN=eth1
> OUT=ppp0 SRC=192.168.0.67 DST=66.249.91.104 LEN=40 TOS=0x00 PREC=0x00
> TTL=127 ID=789 DF PROTO=TCP SPT=49200 DPT=80 WINDOW=16445 RES=0x00 ACK
> FIN URGP=0
>
> Why it's matched and filtered?
>   
Sim, please read again my first response. This is the "common" FIN ACK 
case I gave, as an example, there.

Costa