Jim Sandoz wrote:
>
>
> john,
>
> the most likely problem is that your rule of
> > block return-rst in log quick proto tcp all
> is the cause of the problem. it looks so innocent
> until a misordered packet comes along. and then
> bam! -- the connection gets reset.
>
> to fix this "problem", first refer to this link
> http://marc.theaimsgroup.com/?l=ipfilter&m=97234715121908&w=2
> and my subsequent entry in phil's FAQ:
> http://home.earthlink.net/~jaymzh666/ipf/IPFprob.html#9
Thank you - that seems to have fixed the problem . Or worked around it,
depending on whether it's a feature or a bug that misordered packets are
rejected by IP Filter - surely, since they're a legitimate/expected part of
normal TCP operation they should be allowed through if associated with an
established stateful connection ...?
John Line
--
University of Cambridge WWW manager account (usually John Line)
Send general WWW-related enquiries to [EMAIL PROTECTED]
