Green,

Thanks for the info. I used iptables once when setting up a VPN, but I just followed instructions. It's obviously way more intricate than UFW lets on.

Also thanks to Mike for the really good blog post about operational security. It was really informative.


On Aug 4, 2016 8:49 PM, "Green Dream" <greendream848@gmail.com> wrote:
P.S. Tristan, here's the explanation from that mailing list... just in case people can't access the link or it goes away:

"Yes, it has everything to do with those flag bits. For TCP connections, Linux tends to use a "half-duplex" close sequence where either side of the session can initiate connection termination via a single 2 way FIN-ACK handshake (which puts the connection into the CLOSE_WAIT state), instead of a full 4 way FIN-ACK handshake. When one also includes routers and such, it is not uncommon, indeed common, that one side might think the connection has been terminated, while the other side thinks it is still open or not fully terminated. Your log file is, most probably, showing entries for cases where your computer thinks the tcp had been closed and it has forgotten about it, but the client is trying to close the session. In the case where you got a RST bit, it can be because the client gave up trying the FIN method and now is just trying to reset the connection. By observation only, rather than authoritative reference, it seems that Apple computers tend to use FIN and FIN-ACK more, and MS windows computers tend to use RST more.

Conclusion: Everything is fine."
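As an added illustration of the point in the quoted explanation (this is not code from the thread, from Tor, or from UFW): a small Python classifier that reads `[UFW BLOCK]` lines in the iptables LOG format and sorts them by TCP flags, so that stray FIN/ACK/RST packets for sessions the kernel has already forgotten are separated from genuine new-connection attempts (bare SYN). The log lines, the class names, and the function names are constructed assumptions for the example; the flag-word layout (`RES=0x00 ACK RST URGP=0`) follows the kernel LOG target's output.

```python
"""Classify UFW/iptables BLOCK log lines by TCP flags (added example)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Flag words the kernel LOG target prints between RES=... and URGP=
TCP_FLAGS = ("CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN")
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")
FLAGS_RE = re.compile(r"RES=0x[0-9A-Fa-f]+\s+(.*?)\s*URGP=")

# Constructed sample lines in the UFW/iptables LOG format, not real relay logs.
SAMPLE_LOG = [
    "Aug  4 20:49:01 relay kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 "
    "LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51234 DPT=9001 WINDOW=0 RES=0x00 ACK RST URGP=0",
    "Aug  4 20:49:02 relay kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.6 DST=198.51.100.7 "
    "LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=44102 DPT=9001 WINDOW=512 RES=0x00 ACK FIN URGP=0",
    "Aug  4 20:49:03 relay kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.7 "
    "LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=60001 DPT=9001 WINDOW=256 RES=0x00 ACK URGP=0",
    "Aug  4 20:49:04 relay kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.8 DST=198.51.100.7 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=TCP SPT=38870 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0",
    "Aug  4 20:49:05 relay kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 "
    "LEN=78 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=58",
    "Aug  4 20:49:06 relay kernel: [UFW ALLOW] IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.7 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=40000 DPT=9001 WINDOW=29200 RES=0x00 SYN URGP=0",
]


@dataclass(frozen=True)
class BlockedPacket:
    src: str
    dst: str
    proto: str
    spt: Optional[int]
    dpt: Optional[int]
    flags: frozenset


def parse_ufw_line(line: str) -> Optional[BlockedPacket]:
    """Return a BlockedPacket for a '[UFW BLOCK]' line, or None for any other line."""
    if "[UFW BLOCK]" not in line:
        return None
    fields = dict(KV_RE.findall(line))
    flags = frozenset()
    if fields.get("PROTO") == "TCP":
        m = FLAGS_RE.search(line)
        if m:
            # Bare flag words sit between RES=... and URGP=; keep only known ones
            flags = frozenset(w for w in m.group(1).split() if w in TCP_FLAGS)

    def port(key: str) -> Optional[int]:
        v = fields.get(key)
        return int(v) if v and v.isdigit() else None

    return BlockedPacket(fields.get("SRC", ""), fields.get("DST", ""),
                         fields.get("PROTO", ""), port("SPT"), port("DPT"), flags)


def classify(pkt: BlockedPacket) -> str:
    """Name the kind of blocked packet based on its TCP flags."""
    if pkt.proto != "TCP":
        return "non-tcp"
    f = pkt.flags
    if "SYN" in f and "ACK" not in f:
        return "new-connection-attempt"   # the only class that may deserve a second look
    if "RST" in f:
        return "stale-reset"   # peer gave up on FIN and reset a session the kernel already forgot
    if "FIN" in f:
        return "stale-fin"     # peer closing a session the kernel already dropped
    if "ACK" in f:
        return "stale-ack"     # late ACK for a session that no longer exists
    return "other"


def summarize(lines) -> dict:
    """Count blocked packets per class; non-BLOCK lines are skipped."""
    return dict(Counter(classify(p) for p in map(parse_ufw_line, lines) if p))


if __name__ == "__main__":
    for name, n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{name:24s} {n}")
```

Run against a real `/var/log/ufw.log` the stale-* classes normally dominate on a relay, which is the "everything is fine" case; only the bare-SYN class is a connection attempt the firewall actually refused.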


_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays