Please try this patch...
Note that this should be a warning to people not to reject packets
based on ipt_unclean, or we'll end up with another situation like the
ECN blackholes when the next Funky New Thing comes along...
Thanks,
Rusty.
-- Premature optmztion is rt of all evl. --DKdiff -urN -I \$.*\$ -X /home/rusty/devel/kernel/kernel-patches/dontdiff --minimal linux-2.4.7-official/net/ipv4/netfilter/ipt_unclean.c working-2.4.7-unclean/net/ipv4/netfilter/ipt_unclean.c --- linux-2.4.7-official/net/ipv4/netfilter/ipt_unclean.c Sun Jul 22 13:13:27 2001 +++ working-2.4.7-unclean/net/ipv4/netfilter/ipt_unclean.c Mon Jul 23 18:29:11 2001 @@ -331,6 +331,7 @@ tcpflags = ((u_int8_t *)tcph)[13]; if (tcpflags != TH_SYN && tcpflags != (TH_SYN|TH_ACK) + && tcpflags != TH_RST && tcpflags != (TH_RST|TH_ACK) && tcpflags != (TH_RST|TH_ACK|TH_PUSH) && tcpflags != (TH_FIN|TH_ACK) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/