Alan Barrett writes:
> 	- ipf would be willing to accept TCP sequence numbers between
> 	  (N+2800-2048) and (N+2800+2048), but this packet fails the
> 	  test, so ipf blocks this packet.

Thanks!  I didn't realize ipf had a sequence window that it tested the
packet against.  In my case blocking the out-of-order packet with a
rule that sent a tcp-restart back really messed the connection up.

-wolfgang
-- 
Wolfgang Rupprecht    <wolfgang@wsrcc.com>     http://www.wsrcc.com/wolfgang/
DGPS signals via the Internet  http://www.wsrcc.com/wolfgang/gps/dgps-ip.html