On Wednesday 10 December 2003 7:25 pm, Maciej Soltysiak wrote:

> [Oops, sorry there for incomplete mail :)]
> Hi,
>
> > I think to something like that:
> > iptables -t mangle -A INPUT -j TCPFLAG --set-flags FIN,URG
>
> There is no such module. It would be possible to do that.
> If a module like this existed it would be a great way to violate the
> protocol and cause antisocial behaviour of your tcp stack.

There are plenty of ways to do that already - I don't think one more would hurt.... :)

Enough people think that un-decrementing the TTL field, or DROPping packets without sending back RST or ICMP, is a bad enough violation of the protocol (both of these are easily possible with netfilter as it is).

Antony.

--
Perfection in design is achieved not when there is nothing left to add, but rather when there is nothing left to take away.
 - Antoine de Saint-Exupery

Please reply to the list; please don't CC me.