Hi,

As we know, the iptables INVALID state means that the packet is associated with no known connection, right? So, if I have a lot of INVALID entries in my log files, does it mean that something is wrong? A hidden process, etc.?
An example of logged entries:

t4 kernel: [18776.221378] [INVALID in] IN=eth0 OUT= MAC=mac_address SRC=173.194.70.189 DST=192.168.5.200 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=8371 PROTO=TCP SPT=443 DPT=45458 WINDOW=0 RES=0x00 RST URGP=0
t4 kernel: [18262.496058] [INVALID out] IN= OUT=eth0 SRC=192.168.5.200 DST=213.180.146.88 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=18981 DF PROTO=TCP SPT=37190 DPT=80 WINDOW=16576 RES=0x00 ACK FIN URGP=0

For example, the lsof -i -n -P command shows only ESTABLISHED connections; nothing strange, nothing more.

Best regards.
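One way to triage entries like the two above, as an added example that is not part of the original post: it parses the LOG lines, groups them by direction, TCP flags and remote endpoint, and marks entries that carry RST or FIN without SYN, the shape of a late teardown segment for a connection conntrack no longer tracks. The `[INVALID in]`/`[INVALID out]` prefix is taken from the post; the third sample line and the `teardown_only` heuristic are assumptions.

```python
import re
from collections import Counter

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}
PREFIX = re.compile(r"\[INVALID (in|out)\]\s+(.*)$")

# The first two lines are the entries quoted in the post; the third is constructed.
SAMPLE = [
    "t4 kernel: [18776.221378] [INVALID in] IN=eth0 OUT= MAC=mac_address SRC=173.194.70.189 DST=192.168.5.200 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=8371 PROTO=TCP SPT=443 DPT=45458 WINDOW=0 RES=0x00 RST URGP=0",
    "t4 kernel: [18262.496058] [INVALID out] IN= OUT=eth0 SRC=192.168.5.200 DST=213.180.146.88 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=18981 DF PROTO=TCP SPT=37190 DPT=80 WINDOW=16576 RES=0x00 ACK FIN URGP=0",
    "t4 kernel: [19000.000000] [INVALID in] IN=eth0 OUT= MAC=mac_address SRC=198.51.100.7 DST=192.168.5.200 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1 PROTO=TCP SPT=443 DPT=50000 WINDOW=512 RES=0x00 ACK PSH URGP=0",
]

def parse(line):
    """Return a dict for an [INVALID in|out] LOG line, or None for any other line."""
    m = PREFIX.search(line)
    if not m:
        return None
    direction, rest = m.groups()
    fields, flags = {}, []
    for tok in rest.split():
        if "=" in tok:                 # KEY=value pair (value may be empty, e.g. OUT=)
            key, value = tok.split("=", 1)
            fields[key] = value
        elif tok in TCP_FLAGS:         # bare token; DF is an IP flag and is skipped
            flags.append(tok)
    # The remote endpoint is the source for inbound packets, the destination for outbound.
    addr, port = ("SRC", "SPT") if direction == "in" else ("DST", "DPT")
    return {"dir": direction, "proto": fields.get("PROTO"),
            "remote": f"{fields.get(addr)}:{fields.get(port)}",
            "flags": "+".join(sorted(flags)) or "none"}

def teardown_only(rec):
    """Heuristic (assumption): RST or FIN without SYN is a connection-teardown segment."""
    flags = set(rec["flags"].split("+"))
    return bool(flags & {"RST", "FIN"}) and "SYN" not in flags

def summarize(lines):
    """Count INVALID entries per (direction, flags, remote endpoint)."""
    records = (parse(line) for line in lines)
    return Counter((r["dir"], r["flags"], r["remote"]) for r in records if r)

if __name__ == "__main__":
    for (direction, flags, remote), n in summarize(SAMPLE).most_common():
        print(f"{n:4d}  {direction:3s}  {flags:10s}  {remote}")
```

Entries that `teardown_only` does not mark, and remote endpoints that keep recurring with other flag combinations, are the ones to compare against the `lsof -i -n -P` output.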