> Was this already a known issue?

A similar one. Yes, about a year ago I wrote about this patch breaking tcp-window-tracking.
Look here: http://lists.samba.org/pipermail/netfilter/2001-October/015930.html
Jozsef answered it.

I think that what you want to do with IP Personality can be done with the grsecurity patch (www.grsecurity.net). When you patch the kernel 2.4.18, or 2.4.18-pre1 (the latter don't patch yet), you will have grsecurity options concerning various methods to do such things, like randomizing TTL, IP IDs, etc. But only without the fine tuning that IP Personality can have with its configuration files. I tried that, and I do not remember having trouble with ip_conntrack_ftp nor ip_nat_ftp.

> Pascal.

Maciej
