From: Mart Frauenlob <mart.frauenlob@chello.at>
To: Christian Robottom Reis <kiko@acm.org>, netfilter@vger.kernel.org
Subject: Re: Packets (sometimes) not marked as RELATED/ESTABLISHED
Date: Wed, 23 Mar 2016 21:17:24 +0100
Message-ID: <56F2F9D4.7040109@chello.at>
In-Reply-To: <20160322185530.GA3152@anthem.async.com.br>

On 22.03.2016 19:55, Christian Robottom Reis wrote:
> Hello there,
>
> In periodically looking at my firewall logs I've always noticed that
> from time to time a certain pattern will show up in my logs which
> indicates that a legitimate stream which should have been marked
> RELATED/ESTABLISHED isn't. I have the following rules set up to allow
> related incoming traffic:
>
> -A INPUT -i eth3 -p tcp -m tcp --dport 10000:65535
> -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -i eth3 -p tcp -m tcp --sport 10000:65535
> -m state --state RELATED,ESTABLISHED -j ACCEPT
>
> AIUI this is what allows the response from a website request to be
> targeted ACCEPT in the INPUT chain. However, my logs show that sometimes
> this doesn't work. Here's a recent example:
[...]
Hello,
try to drop --state INVALID and check if you still see them.
Best regards,
Mart