Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I have a Linux firewall in which I have the following rule.
$IPT -A bad_packets -p ALL -m state --state INVALID -j LOG \
--log-prefix "fp=bad_packets:1 a=DROP "
$IPT -A bad_packets -p ALL -m state --state INVALID -j DROP
but that rule is blocking this request, and I found that this request is a genuine request, so why is it being blocked by the firewall? The firewall logs are here below.
This is a result of the stateful firewall not being able to match the packet to a known active connection.
A possible reason for this behaviour is that the FIN/ACK packet is sent very long after the FIN packet.
Another possibility is that the firewall is not able to handle the amount of connections.
The only solutions I came across are to make the firewall stateless for the port(s) where this problem occurs, or to ignore the packets with ACK FIN URGP=0 set altogether.
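Before deciding between the two options above it helps to know how many of the INVALID drops are actually the late FIN/ACK pattern (ACK FIN URGP=0) and on which ports. The script below is an added example, not from this thread: it parses netfilter LOG lines carrying the "fp=bad_packets:1 a=DROP " prefix from the original post and counts the drops per class, protocol and destination port. The log lines are constructed (documentation-range addresses) in the standard kernel LOG format; nothing here is the poster's real log.

```python
import re
from collections import Counter

# Constructed sample log lines (not the poster's logs), in the netfilter LOG format.
SAMPLE_LOG = """\
Mar  3 10:01:02 fw kernel: fp=bad_packets:1 a=DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.10 DST=192.0.2.5 LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44321 DPT=80 WINDOW=229 RES=0x00 ACK FIN URGP=0
Mar  3 10:01:05 fw kernel: fp=bad_packets:1 a=DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.10 DST=192.0.2.5 LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44321 DPT=80 WINDOW=229 RES=0x00 ACK FIN URGP=0
Mar  3 10:02:40 fw kernel: fp=bad_packets:1 a=DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.5 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=123 PROTO=TCP SPT=6000 DPT=22 WINDOW=1024 RES=0x00 SYN ACK URGP=0
Mar  3 10:03:01 fw kernel: fp=bad_packets:1 a=DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.5 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=124 PROTO=TCP SPT=6001 DPT=22 WINDOW=1024 RES=0x00 ACK URGP=0
Mar  3 10:03:09 fw kernel: fp=bad_packets:1 a=DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.22 DST=192.0.2.5 LEN=48 TOS=0x00 PREC=0x00 TTL=60 ID=0 PROTO=UDP SPT=5353 DPT=5353 LEN=28
"""

# Bare tokens the LOG target emits for set TCP flags (everything else is KEY=VALUE).
FLAG_TOKENS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE"}
KV_RE = re.compile(r"(\w+)=(\S*)")

def parse_log_line(line):
    """Return the log prefix, the KEY=VALUE fields and the set of TCP flags, or None."""
    if "kernel:" not in line:
        return None
    body = line.split("kernel:", 1)[1].strip()
    prefix, sep, rest = body.partition("IN=")   # the LOG prefix precedes "IN="
    if not sep:
        return None
    fields = {"prefix": prefix.strip()}
    fields.update(KV_RE.findall("IN=" + rest))
    fields["flags"] = {tok for tok in rest.split() if tok in FLAG_TOKENS}
    return fields

def classify(fields):
    """'late_fin_ack' is the benign straggler the reply describes; anything else needs a look."""
    if fields.get("PROTO") == "TCP" and fields["flags"] == {"ACK", "FIN"}:
        return "late_fin_ack"
    return "other_invalid"

def summarize(log_text, prefix="fp=bad_packets"):
    """Count drops logged with the given prefix by (class, protocol, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_log_line(line)
        if f is None or not f["prefix"].startswith(prefix):
            continue
        counts[(classify(f), f.get("PROTO"), f.get("DPT"))] += 1
    return counts

if __name__ == "__main__":
    for (kind, proto, dport), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{kind:14} {proto:4} dpt={dport:6} {n}")
```

Ports that only show late_fin_ack drops are candidates for the stateless exception; other_invalid entries (for example a SYN/ACK with no matching SYN) should keep being dropped and logged.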
It is not a question of whether the firewall should block that traffic.
The issue is that the firewall can not relate the message to a known active connection.
Because it is a stateful firewall it will automatically block traffic if it can not relate that traffic to a known active connection.
The possible solutions are the ones I gave in my first reply.