A firewall flaw that can bypass the Linux kernel's Netfilter functionality was found in how a user handles unencrypted IRC with nf_conntrack_irc configured.