I amnot very clear about the mechanism of TCP SPI in lns. Does it start to perform the statful check from the very first SYN-flag in/outbound packet and continue throughout the whole connecting process? IF so, it should block ALL TCP packets which donot belong to the all active connections. In this case, it would be enough for us to block only the inbound initial TCP connections, i.e., the inbound SYN-flag packets. So why do we still need many additional rules for the abnormal TCP packets in the ruleset? Do I understand wrongly about this problem?