> > > 7. /sbin/iptables -A INPUT -p tcp --dport 53 --syn -j ACCEPT #DNS
> >
> > DNS uses udp for normal lookups. Only in special cases tcp is used.
>
> I noted --syn can only be used with protocol tcp. How do I write a
> similar rule to accept connections to udp port 53?

Packets with syn set are (almost ? someone please correct me if I'm
wrong) always in NEW state. So, a similar rule would be :

iptables -A INPUT -p udp --dport 53 -j ACCEPT

which implies :

iptables -A INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT

> I don't see a good explanation of tcp-flags either on iptables man
> pages or Packet Filtering HOWTO. What are the meanings of
> SYN,ACK,FIN,RST,URG,PSH? What combinations can be logged/dropped?

A little info I found about tcp flags :

http://www.whitehats.ca/main/members/Seeker/seeker_tcp_header/seeker_tcp_header.html
http://www.spirit.com/Network/net0900.html
http://www.securityfocus.com/infocus/1524

I don't think it's all that you want to know about it but it's as much
as I could find right now. Not sure what URG and PSH really do.

You could DROP :
- SYN,FIN SYN,FIN (Both SYN and FIN set in 1 packet.)
- SYN,RST SYN,RST (SYN and RST set, probably a scan)
-

Anybody any additions, comments ?

Gr,
Rob
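The two DROP lines above use the `--tcp-flags MASK COMP` syntax of the iptables tcp match: only the bits named in MASK are examined, and the rule matches when exactly the bits named in COMP are set among them (so `SYN,FIN SYN,FIN` matches any packet that has both SYN and FIN set, whatever the other flags are). The script below is an added illustration written for this thread, not code from Rob or the netfilter project: it models that test in plain POSIX shell on the flag byte of the TCP header, classifies a few constructed flag values the way the rules discussed here would treat them, and prints (dry run, via an `echo` prefix that is an assumption of this example) the rule set with the malformed-flag DROPs placed before the DNS ACCEPTs. The flag bit values are those of the TCP header (FIN=1, SYN=2, RST=4, PSH=8, ACK=16, URG=32); `--syn` is iptables' shorthand for `--tcp-flags SYN,RST,ACK,FIN SYN`.

```shell
#!/bin/sh
# Added example for the netfilter thread above; not part of the original post.
# Flag bit values of byte 13 of the TCP header.
flag_value() {
    case "$1" in
        FIN) echo 1 ;;
        SYN) echo 2 ;;
        RST) echo 4 ;;
        PSH) echo 8 ;;
        ACK) echo 16 ;;
        URG) echo 32 ;;
        ALL) echo 63 ;;
        NONE) echo 0 ;;
        *) echo "unknown flag: $1" >&2; return 1 ;;
    esac
}

# flag_bits "SYN,FIN" -> integer with those bits set.
# The comma-separated list is the same form --tcp-flags accepts.
flag_bits() {
    old_ifs=$IFS
    IFS=,
    set -- $1
    IFS=$old_ifs
    bits=0
    for name in "$@"; do
        v=$(flag_value "$name") || return 1
        bits=$(( bits | v ))
    done
    echo "$bits"
}

# tcp_flags_match MASK COMP VALUE : the comparison --tcp-flags MASK COMP makes.
# Look only at the bits in MASK and require exactly the bits in COMP to be set.
# Exit status 0 means "rule matches", so it can be used directly in `if`.
tcp_flags_match() {
    mask=$(flag_bits "$1") || return 2
    comp=$(flag_bits "$2") || return 2
    value=$3
    [ $(( value & mask )) -eq "$comp" ]
}

# classify_flags VALUE : which of the rules below would act on a TCP packet
# carrying this flag byte (assuming the DROP rules precede the ACCEPT rule).
classify_flags() {
    if tcp_flags_match SYN,FIN SYN,FIN "$1"; then
        echo "drop:SYN,FIN"            # SYN and FIN together: never legitimate
    elif tcp_flags_match SYN,RST SYN,RST "$1"; then
        echo "drop:SYN,RST"            # SYN and RST together: never legitimate
    elif tcp_flags_match SYN,RST,ACK,FIN SYN "$1"; then
        echo "accept:new-connection"   # exactly what --syn matches
    else
        echo "other"                   # mid-connection segment, left to other rules
    fi
}

# Dry run: the echo prefix (an assumption of this example) prints the commands
# instead of applying them. Remove "echo" and run as root to load them.
IPT="echo /sbin/iptables"
dns_rules() {
    # Drop malformed flag combinations first so they never reach the ACCEPTs.
    $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
    $IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
    # DNS: new TCP connections, and UDP (the udp match has no flags; a
    # "-m state --state NEW" rule for udp means the same thing).
    $IPT -A INPUT -p tcp --dport 53 --syn -j ACCEPT
    $IPT -A INPUT -p udp --dport 53 -j ACCEPT
}

# Constructed sample flag bytes: SYN+FIN, SYN+RST, plain SYN, SYN+ACK.
for sample in 3 6 2 18; do
    echo "flags=$sample -> $(classify_flags "$sample")"
done
dns_rules
```

Run it as a normal user to see the classification and the echoed rules; the SYN+ACK sample (18) is reported as "other" because `--syn` requires ACK to be clear, which is why the rule only admits the first packet of a connection and not replies.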