[squid-users] Packets logged as blocked even Firewall (IPtables) accepts them ...

Walter H. walter.h at mathemainzel.info
Tue Jul 18 13:37:03 UTC 2017


On Tue, July 18, 2017 15:28, Matus UHLAR - fantomas wrote:
> On 18.07.17 14:29, Walter H. wrote:
>>-A INPUT -i br0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>
>>-A INPUT -i br0 -m tcp -p tcp --dport 3128 -m state --state NEW -j ACCEPT
>
>>-A INPUT -j LOG --log-prefix "IP[IN]: " --log-level 7
>
>>[17-Jul-2017; 19:49:13.590130] IP[IN]: IN=br0 OUT=
>>MAC=24:01:00:00:01:24:24:00:08:01:05:24:08:00 SRC=192.168.0.10
>>DST=192.168.0.1 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP
>>SPT=54916 DPT=3128 WINDOW=0 RES=0x00 RST URGP=0
>
> it's a RST packet, apparently for connection that was already closed and
> thus is not ESTABLISHED,RELATED nor NEW
>
> logging state INVALID could explain

How would I do this?

Thanks,
Walter
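
Added example, not part of the original message: a Python sketch that parses LOG-target lines like the one quoted above and separates teardown packets (RST/FIN) from fresh SYNs, so that entries such as this RST can be told apart from new connection attempts that reached the LOG rule. The function names, the second and third sample lines and the flag-based categories are assumptions for illustration; the categories approximate, but are not, conntrack's own state decision.

```python
from collections import Counter

# Bare tokens the netfilter LOG target prints for TCP flags that are set.
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

# First line is the entry quoted in the thread; the other two are constructed.
SAMPLE_LINES = [
    "[17-Jul-2017; 19:49:13.590130] IP[IN]: IN=br0 OUT= "
    "MAC=24:01:00:00:01:24:24:00:08:01:05:24:08:00 SRC=192.168.0.10 "
    "DST=192.168.0.1 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP "
    "SPT=54916 DPT=3128 WINDOW=0 RES=0x00 RST URGP=0",
    "IP[IN]: IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.0.1 LEN=60 TOS=0x00 "
    "PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=40000 DPT=3128 WINDOW=29200 "
    "RES=0x00 SYN URGP=0",
    "IP[IN]: IN=br0 OUT= SRC=192.168.0.10 DST=192.168.0.255 LEN=78 "
    "PROTO=UDP SPT=137 DPT=137 LEN=58",
]

def parse_log_line(line):
    """Return (fields, flags): key=value pairs and the set of bare TCP flags."""
    start = line.find(" IN=")          # fields begin after the log prefix
    fields, flags = {}, set()
    if start == -1:
        return fields, flags           # not a LOG-target line
    for token in line[start:].split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value        # e.g. OUT= yields an empty value
        elif token in TCP_FLAGS:
            flags.add(token)           # DF and other bare tokens are skipped
    return fields, flags

def classify(line, proxy_port=3128):
    """Rough category for a logged packet aimed at the proxy port."""
    fields, flags = parse_log_line(line)
    if fields.get("PROTO") != "TCP" or fields.get("DPT") != str(proxy_port):
        return "other"
    if "SYN" in flags and not flags & {"ACK", "RST", "FIN"}:
        return "connection-attempt"    # opening packet that no rule accepted
    if flags & {"RST", "FIN"}:
        return "teardown"              # closing packet, as in the quoted entry
    return "mid-stream"

def summarize(lines):
    """Count log lines per category."""
    return Counter(classify(line) for line in lines)

if __name__ == "__main__":
    for category, count in summarize(SAMPLE_LINES).items():
        print(f"{category}: {count}")
```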



