Why does iptables/netfilter randomly seem to not accept packets?

Solution Verified

Issue

  • When using iptables, the front end to the netfilter module, a seemingly random packet is seen in a packet capture but never reaches the application.
  • In the packet capture, an ICMP "Host Prohibited" packet is sometimes seen immediately after.
  • iptables is receiving and rejecting INVALID packets.

Environment

  • Red Hat Enterprise Linux
  • iptables firewall with connection tracking (including firewalld)
