Peter Allgeyer wrote:
| This is a blocked IP packet with tcp options set (FIN, ACK). It's surely
| no outgoing _request_. The above tcp packet wants to close a tcp
| connection (or -- more unlikely -- answers to a closing request from the
| remote side) the firewall doesn't know anything about (anymore). What
| can cause this behaviour?
Yes, I suspected this. I noticed this only on connections that maintain
a persistent connection, like IMAP.
| a) The firewall has a tcp state table timeout (and nat table timeout,
| too, I believe). By default, tcp times out at 2.5 hours (since 1.2b2).
| Maybe your webbrowser asks to terminate a tcp connection your firewall
| has seen the last packet more than 2.5 hours ago.
| b) Problems with recognising and relating the FIN and FIN,ACK packets at
| the end of a connection.
| Does this log entry cause any problems?
Basically, it's an annoyance, because my log monitoring software reports
my IPs as the most actively blocked. Oh sure, I could block it, but then
what if there really was a problem with one of those IPs?
MTSU, Murfreesboro, TN
zach at zachlowry dot net