The problem here is that a new (-m new) tcp packet is always a SYN. Read up on the 3-way TCP connection handshake. It originates with a SYN packet. I've compiled a list of TCP packet headers, but they must be put into their own custom chain since I use -j RETURN (exits that chain and returns to the calling chain). If you know any more, please post them or email me. Thanks.

${IPTABLES} -N tcpchk
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL ACK -m state --state ESTABLISHED -j RETURN
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL ACK -m state --state NEW,RELATED -j DROP
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL PSH,ACK -m state --state ESTABLISHED -j RETURN
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL PSH,ACK -m state --state NEW -j RETURN
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL PSH,ACK -m state --state RELATED -j DROP
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL NONE -j DROP
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL ALL -j DROP
${IPTABLES} -A tcpchk -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
${IPTABLES} -A tcpchk -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
${IPTABLES} -A tcpchk -p tcp --tcp-flags RST,FIN RST,FIN -j DROP
${IPTABLES} -A tcpchk -p tcp --tcp-flags SYN,URG SYN,URG -j DROP
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL SYN,PSH -j DROP
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL SYN,ACK,PSH -j DROP
${IPTABLES} -A tcpchk -p tcp --tcp-flags ACK,FIN FIN -j DROP
${IPTABLES} -A tcpchk -p tcp --tcp-flags ACK,PSH PSH -j DROP
${IPTABLES} -A tcpchk -p tcp --tcp-flags ACK,URG URG -j DROP
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL RST -m state --state ESTABLISHED -j RETURN
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL RST -m state --state NEW,RELATED -j DROP
${IPTABLES} -A tcpchk -p tcp --tcp-flags SYN,ACK NONE -j DROP
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL SYN -m state --state NEW -j RETURN
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL SYN -m state --state RELATED -j RETURN
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL SYN -m state --state ESTABLISHED -j DROP
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL SYN,ACK -m state --state ESTABLISHED -j RETURN
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL SYN,ACK -m state --state NEW,RELATED -j DROP
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL FIN,ACK -m state --state ESTABLISHED -j RETURN
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL FIN,ACK -m state --state NEW,RELATED -j DROP
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL RST,ACK -m state --state ESTABLISHED -j RETURN
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL RST,ACK -m state --state NEW -j RETURN
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL RST,ACK -m state --state RELATED -j DROP
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL ACK,PSH,RST -m state --state ESTABLISHED -j RETURN
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL ACK,PSH,RST -m state --state NEW,RELATED -j DROP
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL FIN,PSH,ACK -m state --state ESTABLISHED -j RETURN
${IPTABLES} -A tcpchk -p tcp --tcp-flags ALL FIN,PSH,ACK -m state --state NEW,RELATED -j DROP
${IPTABLES} -A tcpchk -p tcp -m state --state INVALID -j DROP

-----Original Message-----
From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of hamals@xxxxxxxxxxx
Sent: Tuesday, November 23, 2004 7:18 AM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Cc: franco.riggi@xxxxxxxxxx
Subject: bad tcp packets

Hello to everyone,

I'm reading "Iptables Tutorial 1.1.19" by Oskar Andreasson, and I can't understand these bad packets rules:

$IPTABLES -N bad_tcp_packets
#
# bad_tcp_packets chain
#
$IPTABLES -A bad_tcp_packets -p tcp --tcp-flags SYN,ACK SYN,ACK \
-m state --state NEW -j REJECT --reject-with tcp-reset
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG \
--log-prefix "New not syn:"
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP

Could someone explain to me why those are bad TCP packets?

Thanks
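As an added illustration (not part of either message above), a small Python model of how iptables evaluates `--tcp-flags MASK COMP` and the `--syn` shorthand, applied to a subset of the tcpchk chain from the reply, so the verdict for a given flag combination and conntrack state can be checked offline. The rule subset and the sample packets are constructed here for illustration.

```python
# Model of iptables "--tcp-flags MASK COMP": of the flags named in MASK,
# exactly those in COMP must be set, i.e. (packet_flags & MASK) == COMP.
ALL = frozenset({"SYN", "ACK", "FIN", "RST", "URG", "PSH"})

def parse_flags(spec):
    """Turn 'SYN,ACK', 'ALL' or 'NONE' into a frozenset of flag names."""
    if spec == "ALL":
        return ALL
    if spec == "NONE":
        return frozenset()
    return frozenset(spec.split(","))

def tcp_flags_match(mask, comp, packet_flags):
    """--tcp-flags semantics: compare only the masked bits."""
    return (packet_flags & mask) == comp

def iptables_syn(packet_flags):
    """'--syn' is shorthand for '--tcp-flags SYN,RST,ACK,FIN SYN' (a pure SYN)."""
    return tcp_flags_match(parse_flags("SYN,RST,ACK,FIN"), parse_flags("SYN"), packet_flags)

# Constructed subset of the reply's tcpchk chain, kept in the original order
# because iptables stops at the first matching rule. Entry: (mask, comp, states, target).
TCPCHK = [
    ("ALL", "ACK", {"ESTABLISHED"}, "RETURN"),
    ("ALL", "ACK", {"NEW", "RELATED"}, "DROP"),     # ACK-only but no known connection
    ("ALL", "NONE", None, "DROP"),                  # null scan: no flags at all
    ("ALL", "ALL", None, "DROP"),                   # every flag set
    ("SYN,FIN", "SYN,FIN", None, "DROP"),           # contradictory open+close
    ("SYN,RST", "SYN,RST", None, "DROP"),
    ("ALL", "SYN", {"NEW"}, "RETURN"),              # a normal new connection
    ("ALL", "SYN", {"ESTABLISHED"}, "DROP"),
    ("ALL", "SYN,ACK", {"ESTABLISHED"}, "RETURN"),
    ("ALL", "SYN,ACK", {"NEW", "RELATED"}, "DROP"),
    (None, None, {"INVALID"}, "DROP"),              # -p tcp -m state --state INVALID
]

def tcpchk_verdict(packet_flags, state):
    """Walk the chain; 'RETURN' means the packet goes back to the calling chain."""
    pf = parse_flags(packet_flags)
    for mask, comp, states, target in TCPCHK:
        if mask is not None and not tcp_flags_match(parse_flags(mask), parse_flags(comp), pf):
            continue
        if states is not None and state not in states:
            continue
        return target
    return "RETURN"  # fell off the end of the user chain: implicit return
```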