This is a discussion on Re: outgoing SYN blocked even if it is allowed by ipf.rules within the IPFilter forums, part of the System Security and Security Related category.

Matthias Apitz wrote:
> Now my VC tries (for some reason which I don't understand as well) to
> initiate a new TCP session here:
>
> 13:30:08.499026 IP 10.0.1.40.2546 > xxx.xxx.xxx.xxx.3233: S 49301289:49301289(0) ack 979701897 win 23360 <mss 536>

No, it doesn't. That's a SYN+ACK, not a SYN. You haven't shown us the SYN packet.

> the line in ipf.rules is:
>
> pass out log first quick on em1 proto tcp from any to xxx.xxx.xxx.xxx flags S keep state
>
> Why the traffic 'TCP 10.0.1.40.2546 > xxx.xxx.xxx.xxx.3233: SYN' does not
> match the rule?

Because SYN != SYN+ACK.

--
Carson
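
The flag comparison behind this reply, as an added example that is not part of the original post: it reads the TCP flags from an old-style tcpdump line (where ACK appears as a trailing `ack <n>`, not as a letter) and evaluates an ipf-style `flags VALUE[/MASK]` test against them. It assumes ipf's documented default that a bare `flags S` means `flags S/AUPRFS`; the function names and the second sample line are constructed for illustration.

```python
import re

# TCP header flag bits (the six classic flags).
BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}
ALL = 0x3F  # assumption: mask used when the rule gives none ("flags S" == "flags S/AUPRFS")

def bits(letters):
    """Turn a string such as 'SA' into its flag-bit value."""
    value = 0
    for ch in letters:
        value |= BITS[ch]
    return value

def tcpdump_flags(line):
    """Read flag bits from an old-style tcpdump line.

    The flag field follows 'dst.port:'; '.' means none of S/F/R/P is set.
    ACK is not a letter in this format: it shows up as 'ack <number>'.
    """
    m = re.search(r":\s+([SFRP.]+)\s", line)
    if not m:
        raise ValueError("no TCP flag field found")
    value = bits(m.group(1).replace(".", ""))
    if re.search(r"\sack\s+\d+", line):
        value |= BITS["A"]
    return value

def rule_matches(spec, pkt):
    """Evaluate an ipf-style 'VALUE[/MASK]' flag spec against packet flag bits."""
    want, _, mask = spec.partition("/")
    return (pkt & (bits(mask) if mask else ALL)) == bits(want)

def describe(pkt):
    """Human-readable flag names, e.g. 'SYN+ACK'."""
    names = [n for n, k in (("SYN", "S"), ("ACK", "A"), ("FIN", "F"),
                            ("RST", "R"), ("PSH", "P"), ("URG", "U")) if pkt & BITS[k]]
    return "+".join(names) or "none"

# Line quoted in the post (address masked as on the page).
PAGE_LINE = ("13:30:08.499026 IP 10.0.1.40.2546 > xxx.xxx.xxx.xxx.3233: "
             "S 49301289:49301289(0) ack 979701897 win 23360 <mss 536>")
# Constructed line: what an initial SYN (no 'ack') would look like.
SYN_LINE = ("13:30:08.100000 IP 10.0.1.40.2546 > xxx.xxx.xxx.xxx.3233: "
            "S 49301288:49301288(0) win 23360 <mss 536>")

if __name__ == "__main__":
    for line in (PAGE_LINE, SYN_LINE):
        pkt = tcpdump_flags(line)
        print(f"{describe(pkt):8} flags S -> {rule_matches('S', pkt)}")
```
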