iptables and 'new not syn' packets
Our machines are running behind a Debian firewall/router with iptables, under a 2.6.26 kernel, and with a fairly generic set of rules.
One such rule...

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

... drops 'new not syn' packets. The log usually contains a few, fewer than 20, of these each month. However, after recently starting some work with another known (and I think trusted) site, communications with them yield at least one of the above-mentioned packets with each contact. Sometimes 60-80 per day. The remote site is adamant that the problem has to lie in our OS or netfilter configuration. The occurrence of these packets doesn't seem to have any adverse effects on the exchange of data; the workflow appears to hum along fine.

My question is: is it logical to assume, given the 'every single time' occurrence of the dropped packets, and no other increase in activity in this category from other sources, that the remote site is somehow munging things at their end? Or is there some other nuance of dealing with 'new not syn' packets that we should be doing? The latter seems unlikely, as I've already exceeded my quota for mistakes this year. :wink:
Any thoughts on this are appreciated!
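As an added example (not part of the original post, and not the poster's configuration), here is a small triage script for the kind of log the rule above produces. It assumes a hypothetical LOG rule with `--log-prefix "NEW_NOT_SYN: "` inserted just before the DROP, parses netfilter LOG lines (the bare `ACK`, `FIN`, `SYN` tokens between `RES=` and `URGP=` are the TCP flags as the kernel writes them), and groups the dropped packets by source and shape. The sample log lines, addresses and ports are constructed; the ephemeral port range 32768..61000 is assumed to be the Linux 2.6 default of `net.ipv4.ip_local_port_range`.

```python
import re
from collections import Counter, defaultdict

# Flag tokens as netfilter's LOG target prints them, in the kernel's order.
TCP_FLAGS = ("CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN")

# Assumption: Linux 2.6 default net.ipv4.ip_local_port_range = 32768..61000.
# A DPT in this range is one of *our* ephemeral ports, so the packet is
# headed for a connection that our side opened.
EPHEMERAL = range(32768, 61001)

# Constructed sample lines, in the format a rule such as
#   iptables -A INPUT -p tcp ! --syn -m state --state NEW \
#       -j LOG --log-prefix "NEW_NOT_SYN: "
# placed just before the DROP would emit. Addresses are documentation ranges.
SAMPLE_LOG = """\
Jan 10 09:12:01 fw kernel: NEW_NOT_SYN: IN=eth0 OUT= MAC=00:00:00:00:00:01:00:00:00:00:00:02:08:00 SRC=203.0.113.10 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=443 DPT=51234 WINDOW=0 RES=0x00 ACK FIN URGP=0
Jan 10 09:12:04 fw kernel: NEW_NOT_SYN: IN=eth0 OUT= MAC=00:00:00:00:00:01:00:00:00:00:00:02:08:00 SRC=203.0.113.10 DST=198.51.100.5 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=443 DPT=51240 WINDOW=501 RES=0x00 ACK URGP=0
Jan 10 09:15:30 fw kernel: NEW_NOT_SYN: IN=eth0 OUT= MAC=00:00:00:00:00:01:00:00:00:00:00:02:08:00 SRC=192.0.2.77 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=1024 RES=0x00 ACK URGP=0
Jan 10 09:15:30 fw kernel: NEW_NOT_SYN: IN=eth0 OUT= MAC=00:00:00:00:00:01:00:00:00:00:00:02:08:00 SRC=192.0.2.77 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=TCP SPT=40000 DPT=25 WINDOW=1024 RES=0x00 ACK URGP=0
Jan 10 09:16:02 fw kernel: NEW_NOT_SYN: IN=eth0 OUT= MAC=00:00:00:00:00:01:00:00:00:00:00:02:08:00 SRC=203.0.113.10 DST=198.51.100.5 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=443 DPT=51250 WINDOW=65535 RES=0x00 ACK SYN URGP=0
"""

FIELD_RE = re.compile(r'\b([A-Z]+)=(\S*)')          # KEY=value pairs
FLAGS_RE = re.compile(r'RES=\S+\s+(.*?)\s*URGP=')   # bare flag words sit here


def parse_log_line(line):
    """Return the KEY=value fields of one LOG line plus a set of TCP flags."""
    fields = dict(FIELD_RE.findall(line))
    flags = set()
    m = FLAGS_RE.search(line)
    if fields.get("PROTO") == "TCP" and m:
        flags = {t for t in m.group(1).split() if t in TCP_FLAGS}
    fields["FLAGS"] = flags
    return fields


def classify(flags):
    """Label a 'new not syn' packet by its flag combination.

    A bare SYN never reaches the rule (it matches --syn), so everything
    here is a segment conntrack had no entry for. The labels describe the
    packet's shape, not its cause.
    """
    if "SYN" in flags and "ACK" in flags:
        return "syn-ack"    # reply to a SYN the firewall never tracked
    if "RST" in flags:
        return "rst"        # reset for a connection already forgotten
    if "FIN" in flags:
        return "fin-ack"    # late FIN after the entry was torn down
    if "ACK" in flags:
        return "ack-only"   # stray data/ACK, or an ACK scan probe
    if not flags:
        return "null"       # no flags at all (NULL scan shape)
    return "other"


def triage(log_text):
    """Group dropped TCP packets per source and say what shape they have."""
    per_src = defaultdict(lambda: {"categories": Counter(),
                                   "dports": set(), "sports": set()})
    for line in log_text.splitlines():
        f = parse_log_line(line)
        if f.get("PROTO") != "TCP":
            continue
        e = per_src[f["SRC"]]
        e["categories"][classify(f["FLAGS"])] += 1
        e["dports"].add(int(f["DPT"]))
        e["sports"].add(int(f["SPT"]))

    report = {}
    for src, e in per_src.items():
        # Every DPT ephemeral: leftovers of sessions we initiated.
        # Any DPT on a service port: unsolicited, probe-shaped traffic.
        if all(p in EPHEMERAL for p in e["dports"]):
            shape = "late-segments-for-sessions-we-opened"
        else:
            shape = "unsolicited-to-service-ports"
        report[src] = {"shape": shape,
                       "categories": dict(e["categories"]),
                       "dports": sorted(e["dports"]),
                       "sports": sorted(e["sports"])}
    return report


if __name__ == "__main__":
    for src, info in triage(SAMPLE_LOG).items():
        print(src, info["shape"], info["categories"],
              "from SPT", info["sports"], "to DPT", info["dports"])
```

Read the output per source. A peer that always arrives from its service port (SPT=443) with FIN/ACK, ACK or SYN/ACK aimed at one of our ephemeral ports is sending segments for a connection we opened that the firewall's conntrack entry no longer covers (a delayed or retransmitted segment after close, or a SYN/ACK for a SYN the firewall did not see leave); the DROP is doing exactly what it is for and the data exchange is unaffected, which matches the situation in the post. A source hitting several service ports with ACK-only probes from one fixed SPT is ACK-scan shaped. Note also that Linux conntrack picks up mid-stream flows by default (`nf_conntrack_tcp_loose=1`), and the first packet of such a picked-up flow is still in ctstate NEW, so this rule drops it.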