Netfilter's connection tracking of half-closed tcp connections is not working

Solution In Progress - Updated -

Issue

A client has the following iptables rules:

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -j REJECT

With the following steps we can observe the issue:
1. The client (B) has an established TCP connection with the server (A). The client (B) has the iptables rules described above.
2. The client (B) now calls shutdown(SHUT_WR), closing only its sending direction. The receiving direction still works.
3. If the server (A) sends data after 60 seconds, connection tracking no longer matches it as ESTABLISHED, so the data is dropped by the REJECT rule; conntrack does not recognize that the connection is still half-open (i.e. in FIN_WAIT2 on the client side).

Can the connection tracking module be made aware of the half-open connection?
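To make the half-close mechanics of steps 1-3 concrete, the following is an added Python reproducer (not code from the Red Hat page) that runs on loopback with no firewall in the path: the client half-closes with shutdown(SHUT_WR), the server observes EOF, waits, and still sends data that the client receives, which is exactly the traffic the REJECT rule above discards once the conntrack entry has aged out. The delay, port and payload are assumed values for the demonstration.

```python
import socket
import threading
import time


def half_close_exchange(delay=0.1, payload=b"late data from server"):
    """Reproduce the half-closed TCP exchange from the issue on loopback.

    The client closes only its sending side (shutdown(SHUT_WR)); the server
    sees EOF, waits `delay` seconds, then sends.  TCP itself allows this, so
    without the firewall the client receives the data.  With the rules above,
    the same late segment is rejected once conntrack has forgotten the flow.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))          # constructed: any free loopback port
    srv.listen(1)
    port = srv.getsockname()[1]
    result = {}

    def server_side():
        conn, _ = srv.accept()
        with conn:
            # The client's FIN shows up as a zero-length read: its send
            # direction is closed, but our send direction is still open.
            result["server_saw_eof"] = conn.recv(1024) == b""
            time.sleep(delay)           # step 3: send only after a delay
            conn.sendall(payload)       # legal on a half-closed connection

    t = threading.Thread(target=server_side)
    t.start()
    cli = socket.create_connection(("127.0.0.1", port))
    cli.shutdown(socket.SHUT_WR)        # step 2: half-close our sending side
    chunks = []
    while True:                         # receiving direction still works
        data = cli.recv(1024)
        if not data:
            break
        chunks.append(data)
    t.join()
    cli.close()
    srv.close()
    result["client_received"] = b"".join(chunks)
    return result
```

On a host with the two iptables rules, running the same exchange with a delay longer than the conntrack timeout for the half-closed state is what produces the rejection described in step 3.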

Environment

  • Red Hat Enterprise Linux 5, 6, 7
