Firehol Update

I use Firehol to firewall my server from the outside world, and I have noticed packets being dropped coming in on correct ports. After a little investigation, it turns out the netblocks these packets were coming from have recently been made available to registries. Firehol didn't have an up-to-date list of the reserved IPs and so was blocking these connections. On my Debian system I modified the RESERVED_IPS variable to be as below, instead of the current value.

0.0.0.0/7 2.0.0.0/8 5.0.0.0/8 7.0.0.0/8 23.0.0.0/8 27.0.0.0/8 31.0.0.0/8 36.0.0.0/7 39.0.0.0/8 42.0.0.0/8 77.0.0.0/8 78.0.0.0/7 92.0.0.0/6 96.0.0.0/4 112.0.0.0/5 120.0.0.0/8 127.0.0.0/8 173.0.0.0/8 174.0.0.0/7 176.0.0.0/5 184.0.0.0/6 197.0.0.0/8 223.0.0.0/8 240.0.0.0/4
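
To confirm that a drop on an allowed port is caused by the reserved list rather than by a rule, the source addresses in the firewall log can be checked against RESERVED_IPS. The following is an added example, not part of the original post or of Firehol; it assumes kernel log lines carrying the netfilter `SRC=` field, and the sample log lines are constructed.

```python
import ipaddress
import re

# RESERVED_IPS value exactly as listed in the post above.
RESERVED_IPS = (
    "0.0.0.0/7 2.0.0.0/8 5.0.0.0/8 7.0.0.0/8 23.0.0.0/8 27.0.0.0/8 "
    "31.0.0.0/8 36.0.0.0/7 39.0.0.0/8 42.0.0.0/8 77.0.0.0/8 78.0.0.0/7 "
    "92.0.0.0/6 96.0.0.0/4 112.0.0.0/5 120.0.0.0/8 127.0.0.0/8 173.0.0.0/8 "
    "174.0.0.0/7 176.0.0.0/5 184.0.0.0/6 197.0.0.0/8 223.0.0.0/8 240.0.0.0/4"
)

# Constructed sample lines in netfilter LOG style (not real traffic).
SAMPLE_LOG = """\
kernel: IN=eth0 OUT= SRC=77.12.34.56 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=80
kernel: IN=eth0 OUT= SRC=93.10.20.30 DST=192.0.2.10 PROTO=TCP SPT=51500 DPT=443
kernel: IN=eth0 OUT= SRC=8.8.8.8 DST=192.0.2.10 PROTO=UDP SPT=53 DPT=33000
kernel: IN=eth0 OUT= SRC=999.1.1.1 DST=192.0.2.10 PROTO=TCP SPT=1 DPT=22
"""

SRC_RE = re.compile(r"\bSRC=(\S+)")


def parse_reserved(value):
    """Parse a whitespace-separated CIDR list; a mistyped block raises ValueError."""
    return [ipaddress.ip_network(token) for token in value.split()]


def matching_block(address, networks):
    """Return the reserved block containing address, or None."""
    ip = ipaddress.ip_address(address)
    return next((net for net in networks if ip in net), None)


def audit(log_text, networks):
    """Map each logged source IP to the reserved block covering it (or None)."""
    result = {}
    for line in log_text.splitlines():
        found = SRC_RE.search(line)
        if not found:
            continue
        try:
            block = matching_block(found.group(1), networks)
        except ValueError:
            continue  # malformed address in the log line; skip it
        result[found.group(1)] = str(block) if block else None
    return result


if __name__ == "__main__":
    for src, block in audit(SAMPLE_LOG, parse_reserved(RESERVED_IPS)).items():
        print(f"{src:15} {'covered by ' + block if block else 'not in RESERVED_IPS'}")
```

A source that matches a block which a registry has since handed out points to a stale list entry rather than a rule problem.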

Content Copyright © 2005-2008 Chris Smith. All Rights Reserved.