Yes I know but the manpages donÂt work here donÂt know why. Hmm but then itÂs better to explicit drop packets like ... --tcp-flags SYN,FIN SYN,FIN before using a line like this ... --syn -m state --state NEW ... because this would also allow the usage of SYN,FIN for new connections. And thatÂs not a legal set. Or isnÂt it necessary to drop those packets because TCP will take care of that and send RST for them?On Thu, 2004-12-02 at 17:34, Lopsch wrote:
ThankÂs will take look at that list :). But a last question. --syn is the same as --tcp-flags ALL SYN?
no. "--syn" is the example you asked about:
--tcp-flags SYN,RST,ACK SYN
this is clearly explained in 'man iptables' btw...
-j
-- "Fame was like a drug. But what was even more like a drug were the drugs." --The Simpsons
Attachment:
signature.asc
Description: OpenPGP digital signature
