TCP flags

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,

> Can anyone just explain what is this means?
>
> iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
>
> I don't quite understand why there is a white space between SYN,FIN and
> SYN,FIN.
iptables -p tcp --help
explains that it is:
 --tcp-flags [!] mask comp   match when TCP flags & mask == comp
                             (Flags: SYN ACK FIN RST URG PSH ALL NONE)

So if we want tcp packets having only SYN and FIN set, and no other flags,
we need the packets flags & SYN|FIN == SYN|FIN.

Where & means a logical AND.
Example.
IF a packet comes with SYN|ACK|FIN flags set, we logically AND it with
SYN|FIN (mask), we get SYN|FIN, and thus we get a match with SYN|FIN (comp)


Regards,
Maciej Soltysiak
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux