On Thu, 2003-09-04 at 10:50, Atsushi Nakagawa wrote:
> What iptables table/rule can I use to drop RST (TCP) packets that're in
> reply to SYN?
> This is what I want it to do:
>
>          -SYN-> [NEW] -SYN->
>       [CLOSED] <-RST-
>          ^
> IF TCP & [NEW]: DROP '<-RST-' & SET [CLOSED]

Using the current state implementation, AFAIK this is not possible. The RST
is already an established packet. There is no way to differentiate between
this RST and a later valid and needed RST packet.

You can only drop all RST packets:

-m state --state ESTABLISHED -p tcp --tcp-flags RST,ACK RST,ACK -j DROP

Cheers,

Ralf

--
Ralf Spenneberg
RHCE, RHCX
Book: Intrusion Detection für Linux Server http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org
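To make the point above concrete, here is an added example (not code from this thread or from Netfilter): a small Python model of the iptables state match, under the simplifying assumption that the first packet of a flow is NEW and every later packet, in either direction, is ESTABLISHED. Run over two constructed packet sequences, it shows that the RST,ACK answering a SYN and a legitimate RST,ACK on a completed connection both arrive as ESTABLISHED and are both dropped by the rule quoted in the reply; the addresses and ports are made up.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str           # "host:port" of the sender (constructed sample values)
    dst: str
    flags: frozenset   # TCP flags set on the packet, e.g. {"RST", "ACK"}

class StateTable:
    """Toy conntrack (assumption): remembers flows by endpoint pair, ignoring direction."""
    def __init__(self):
        self.flows = set()

    def classify(self, p):
        key = frozenset({p.src, p.dst})
        if key in self.flows:
            return "ESTABLISHED"    # any later packet, including the first reply
        self.flows.add(key)
        return "NEW"                # first packet of a flow, original direction

def drop_rst_rule(state, p):
    # Models: -m state --state ESTABLISHED -p tcp --tcp-flags RST,ACK RST,ACK -j DROP
    # The mask and comparison are both RST,ACK, so both bits must be set.
    return state == "ESTABLISHED" and {"RST", "ACK"} <= p.flags

def run(packets):
    """Return (state, verdict) for each packet, in order."""
    table = StateTable()
    out = []
    for p in packets:
        state = table.classify(p)
        out.append((state, "DROP" if drop_rst_rule(state, p) else "ACCEPT"))
    return out

C, S = "10.0.0.5:51000", "10.0.0.9:80"   # constructed client and server endpoints

def refused_connection():
    """SYN answered by RST,ACK: the RST the question wants to drop."""
    return run([Packet(C, S, frozenset({"SYN"})),
                Packet(S, C, frozenset({"RST", "ACK"}))])

def reset_after_handshake():
    """Full handshake, some data, then a legitimate RST,ACK from the server."""
    return run([Packet(C, S, frozenset({"SYN"})),
                Packet(S, C, frozenset({"SYN", "ACK"})),
                Packet(C, S, frozenset({"ACK"})),
                Packet(C, S, frozenset({"ACK", "PSH"})),
                Packet(S, C, frozenset({"RST", "ACK"}))])

if __name__ == "__main__":
    print("refused:", refused_connection())
    print("reset:  ", reset_after_handshake())
```

The last packet of each sequence is classified identically, which is why the state match alone cannot keep the wanted RST while dropping the unwanted one.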