Netfilter's connection tracking of half-closed TCP connections is not working

Solution In Progress - Updated -

Issue

A client has the following iptables rules:

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -j REJECT

The issue can be observed with the following steps:
1. The client (B) has an established TCP connection with the server (A). The client (B) has the iptables rules described above.
2. The client (B) now calls shutdown(SHUT_WR), closing only its sending direction. The receiving direction is still working.
3. If the server then sends data after 60 seconds, connection tracking simply drops this data and does not recognize that the connection is still half-open (i.e. in FIN_WAIT2).

Can the connection tracking module be made aware of the half-open connection?
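The three steps above as an added reproducer in Python (constructed for this page, not code from the Red Hat article): server (A) and client (B) run on loopback, the client half-closes with shutdown(SHUT_WR), and the server sends after a configurable delay. Run on a host carrying the two iptables rules above with a delay longer than the 60 seconds mentioned, the late data is what the issue describes as dropped, so the function would return an empty result there.

```python
import socket
import threading
import time


def half_close_exchange(delay_s: float, payload: bytes = b"late data") -> bytes:
    """Return what client (B) received after it had already sent its FIN.

    Constructed scenario: server (A) and client (B) on 127.0.0.1. The client
    sends a message, calls shutdown(SHUT_WR) (step 2), and the server replies
    only after delay_s seconds (step 3).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))  # ephemeral port, assumption: loopback is available
    srv.listen(1)
    port = srv.getsockname()[1]

    def server_side() -> None:
        conn, _ = srv.accept()
        with conn:
            # Drain until the client's FIN arrives (recv returns b"").
            while conn.recv(4096):
                pass
            # Client is now in FIN_WAIT2, server socket in CLOSE_WAIT.
            time.sleep(delay_s)
            conn.sendall(payload)  # data sent on the still-open direction
        srv.close()

    t = threading.Thread(target=server_side)
    t.start()

    cli = socket.create_connection(("127.0.0.1", port))  # step 1
    cli.sendall(b"hello")
    cli.shutdown(socket.SHUT_WR)  # step 2: close only the sending direction
    cli.settimeout(delay_s + 5)
    chunks = []
    try:
        while True:
            data = cli.recv(4096)
            if not data:
                break
            chunks.append(data)
    except socket.timeout:
        pass  # with the issue present, the late data never arrives
    cli.close()
    t.join()
    return b"".join(chunks)
```

While the client sits in FIN_WAIT2, `conntrack -L` on host B shows the entry's tracked state and remaining timeout, which is the value to compare against the 60-second delay.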

Environment

  • Red Hat Enterprise Linux 5, 6, 7
