On Thu, Dec 02, 2004 at 11:08:21PM +0100, Lopsch wrote:
> I only want to know how iptables uses this option. For example
> --tcp-flags SYN,ACK,RST SYN how is it then used? Am I right that the
> flags SYN,ACK,RST are inspected and only the SYN flag is allowed to be
> set?

yes. "--tcp-flags SYN,ACK,RST SYN" means: out of the flags SYN, ACK, RST:

SYN is set
ACK is not set
RST is not set

the flags FIN, URG, PSH are not examined and may be either set or not set.

> Or is it so that SYN,ACK,RST are inspected and the SYN flag must be
> set but the other are optional so that all can be set but only SYN has
> to be set? I'm a little confused :). And another question what flag
> combos are allowed/not allowed. I only know about a few so SYN,RST set is
> an illegal set also SYN,FIN. Or SYN,ACK when initiating a connection.

i've seen this list pop up here and there:

http://www.stearns.org/modwall/sample/tcpchk-sample

seems pretty complete to me. the most common ones you see people creating DROP rules for are:

ALL ALL
ALL NONE
SYN,FIN SYN,FIN
ALL FIN,URG,PSH
SYN,RST SYN,RST
FIN,RST FIN,RST
FIN,ACK FIN

-j

--
"I have been shot eight times this year, and as a result, I almost missed work."
--The Simpsons
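The following is an added example, not part of the mailing-list thread and not iptables code: a small Python model of how iptables evaluates "--tcp-flags MASK COMP" (only the flags named in MASK are examined, and of those exactly the ones in COMP must be set), used to check the DROP rule list from the reply against a few constructed packets. The names FLAG_BITS, parse_flags, tcp_flags_match, DROP_RULES and first_matching_drop are assumptions of this example, not iptables identifiers.

```python
# Added example: model the iptables "--tcp-flags MASK COMP" match and evaluate
# the DROP rules quoted in the reply against constructed packets.
# None of these names come from iptables; they are this example's own.

# One bit per TCP flag (same bit layout as the TCP header flag byte; the
# exact values are irrelevant to the match logic, only their distinctness).
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL = sum(FLAG_BITS.values())


def parse_flags(spec):
    """Turn an iptables flag list ("SYN,ACK", "ALL", "NONE") into a bitmask."""
    spec = spec.strip().upper()
    if spec == "ALL":
        return ALL
    if spec == "NONE":
        return 0
    bits = 0
    for name in spec.split(","):
        name = name.strip()
        if name not in FLAG_BITS:
            raise ValueError("unknown TCP flag: %r" % name)
        bits |= FLAG_BITS[name]
    return bits


def tcp_flags_match(mask, comp, packet_flags):
    """iptables semantics: look only at the flags in MASK; of those, exactly
    the flags in COMP must be set. Flags outside MASK are ignored, so
    "--tcp-flags SYN,ACK,RST SYN" matches a packet with SYN and FIN set."""
    mask_bits = parse_flags(mask)
    comp_bits = parse_flags(comp)
    if comp_bits & ~mask_bits:
        raise ValueError("COMP lists flags that are not in MASK")
    return (parse_flags(packet_flags) & mask_bits) == comp_bits


# The DROP rules listed in the reply, as (MASK, COMP) pairs, in the
# order given there.
DROP_RULES = [
    ("ALL", "ALL"),
    ("ALL", "NONE"),
    ("SYN,FIN", "SYN,FIN"),
    ("ALL", "FIN,URG,PSH"),
    ("SYN,RST", "SYN,RST"),
    ("FIN,RST", "FIN,RST"),
    ("FIN,ACK", "FIN"),
]


def first_matching_drop(packet_flags):
    """Return the first (MASK, COMP) rule that would DROP a packet carrying
    exactly packet_flags, or None if every rule lets it through."""
    for mask, comp in DROP_RULES:
        if tcp_flags_match(mask, comp, packet_flags):
            return (mask, comp)
    return None


if __name__ == "__main__":
    # Constructed sample packets: a handshake SYN, a SYN/ACK reply, a normal
    # FIN/ACK close, a bare FIN, a null packet, all flags, and SYN+FIN.
    for pkt in ["SYN", "SYN,ACK", "FIN,ACK", "FIN", "NONE", "ALL", "SYN,FIN"]:
        print("%-8s -> %s" % (pkt, first_matching_drop(pkt) or "pass"))
```

Running the block shows that the ordinary handshake and teardown packets (SYN, SYN,ACK, FIN,ACK) pass all seven rules, while the combinations the reply calls illegal are each caught by one of them; the last rule ("FIN,ACK FIN") is the one that drops a FIN arriving without ACK.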