Anthony:

> -----Original Message-----
> From: Antony Stone [mailto:Antony@xxxxxxxxxxxxxxxxxxxx]
> Sent: Monday, March 8, 2004 08:32 PM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Re: Firewall Script Help
>
> On Monday 08 March 2004 8:12 pm, David Cannings wrote:
>
> > > > 0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,ACK/FIN
> >
> > As I understand it, this means "check the flags FIN and ACK, only match if
> > FIN is set and ACK isn't". This would match packets that only have the
> > FIN flag set, which I am fairly sure are valid. I may need correcting on
> > this issue, however.
>
> You are correct.
> [...]

Packets that only have the FIN flag set are valid -- but I believe would be taken care of by the ESTABLISHED,RELATED rule. The FIN FLAG rule I entered just in case someone decided to bombard my systems with FIN flag packets only... Is that an unneeded rule to protect against a DoS attack?
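An added example, not code from this thread or from netfilter itself: it models the `--tcp-flags MASK COMP` test behind the `FIN,ACK/FIN` listing (match when the MASK bits of the packet equal COMP) and walks a chain in the order discussed, so you can see which rule a FIN-only packet hits. The chain, the packets and their conntrack state labels are constructed for the model.

```python
"""Model of iptables --tcp-flags matching and first-match chain evaluation."""

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def parse_flags(spec):
    """Turn 'FIN,ACK', 'ALL' or 'NONE' into a bitmask, as iptables' tcp match does."""
    if spec == "ALL":
        return sum(TCP_FLAGS.values())
    if spec == "NONE":
        return 0
    return sum(TCP_FLAGS[name] for name in spec.split(","))


def tcp_flags_match(packet_flags, mask, comp):
    """--tcp-flags MASK COMP: examine only the MASK bits and require exactly COMP set."""
    return (packet_flags & parse_flags(mask)) == parse_flags(comp)


def evaluate_chain(rules, packet, policy="DROP"):
    """Walk the chain top to bottom; the first matching rule's target wins, else the policy."""
    for rule in rules:
        if "state" in rule and packet["state"] not in rule["state"].split(","):
            continue
        if "tcp_flags" in rule and not tcp_flags_match(packet["flags"], *rule["tcp_flags"]):
            continue
        return rule["target"]
    return policy


# Constructed chain in the order the thread describes: stateful rule first, FIN rule second.
# The second rule is what `iptables -L` prints as "tcp flags:FIN,ACK/FIN".
INPUT_CHAIN = [
    {"state": "ESTABLISHED,RELATED", "target": "ACCEPT"},
    {"tcp_flags": ("FIN,ACK", "FIN"), "target": "DROP"},
]

# Constructed packets; the "state" label stands in for what conntrack would assign.
FIN_ON_KNOWN_CONN = {"flags": TCP_FLAGS["FIN"], "state": "ESTABLISHED"}
UNSOLICITED_FIN = {"flags": TCP_FLAGS["FIN"], "state": "NEW"}
FIN_ACK_UNKNOWN = {"flags": TCP_FLAGS["FIN"] | TCP_FLAGS["ACK"], "state": "NEW"}

if __name__ == "__main__":
    for name, pkt in [("FIN on known conn", FIN_ON_KNOWN_CONN),
                      ("unsolicited FIN", UNSOLICITED_FIN),
                      ("FIN+ACK unknown", FIN_ACK_UNKNOWN)]:
        print(f"{name:18} full chain -> {evaluate_chain(INPUT_CHAIN, pkt)}; "
              f"stateful rule only, ACCEPT policy -> "
              f"{evaluate_chain(INPUT_CHAIN[:1], pkt, policy='ACCEPT')}")
```

Running it shows the FIN rule never sees a FIN belonging to a tracked connection (the stateful rule accepts it first), and that the unsolicited FIN is dropped by the chain policy anyway when that policy is DROP; the explicit FIN rule only changes the outcome when the policy is ACCEPT.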