--- /usr/src/debug/kernel-3.11.fc19/linux-3.11.6-200.fc19.x86_64/net/netfilter/xt_socket.c	2013-09-02 23:46:10.000000000 +0300
+++ xt_socket.c	2013-10-24 15:07:59.592607433 +0300
@@ -115,6 +115,8 @@
 	struct nf_conn const *ct;
 	enum ip_conntrack_info ctinfo;
 #endif
+	if (sk && sk->sk_state == TCP_CLOSE)
+	  sk = NULL;
 
 	if (iph->protocol == IPPROTO_UDP || iph->protocol == IPPROTO_TCP) {
 		hp = skb_header_pointer(skb, ip_hdrlen(skb),