On Wed, Apr 12, 2000 at 09:36:01PM +0200, Giacomo Mulas wrote: > 5) the transfer lasts long enough for spf to timeout and close the channel > for reply packets on the ftp control port
That means not only did the transfer last long, but also you have at least 30 seconds without any packets going out from your site. AFAIK teh client sends some acks when receiving packets, doesn't it? > A possible cure would be to simply set a static input rule letting > through tcp packets with the SYN flag unset. This should be relatively > safe (and the default behaviour of non-debian spf, if I remember Yes, that's right. > correctly), but it would also let through some portscans. Any simple > solutions? And yes, that's the problem. michael -- Michael Meskes | Go SF 49ers! Th.-Heuss-Str. 61, D-41812 Erkelenz | Go Rhein Fire! Tel.: (+49) 2431/72651 | Use Debian GNU/Linux! Email: [email protected] | Use PostgreSQL!
