valid INPUT/OUTPUT rule piece?--> '-p tcp --tcp-flags ACK, FIN FIN -j DROP', etc.


 



Please explain these:

$IPTABLES -t filter -A INPUT -p tcp --tcp-flags ACK,FIN FIN   -j DROP
$IPTABLES -t filter -A INPUT -p tcp --tcp-flags ACK,PSH PSH   -j DROP
$IPTABLES -t filter -A INPUT -p tcp --tcp-flags ACK,URG URG   -j DROP
$IPTABLES -t filter -A INPUT -p tcp --tcp-flags ALL     NONE  -j DROP

Do the first 3 imply you must send ACK when you send a FIN, PSH or URG?

And does the last mean you must always set *some* TCP flag?

CS
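
Added example, not part of the original post: a small Python model of how iptables evaluates "--tcp-flags <mask> <comp>" (a packet matches when its flags ANDed with the mask equal comp), run over the four rules quoted above. The function names and the sample flag combinations are constructed for illustration.

```python
# Model of the iptables "--tcp-flags <mask> <comp>" match.
# mask = flags to examine; comp = examined flags that must be set.
# Examined flags not listed in comp must be clear.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL = 0x3F  # the six flags iptables groups under the keyword ALL


def parse_flags(spec):
    """Turn 'ACK,FIN', 'ALL' or 'NONE' into a bitmask."""
    if spec == "ALL":
        return ALL
    if spec == "NONE":
        return 0
    bits = 0
    for name in spec.split(","):
        bits |= FLAG_BITS[name.strip()]
    return bits


def rule_matches(mask_spec, comp_spec, packet_flags):
    """True when (packet flags & mask) == comp."""
    mask = parse_flags(mask_spec)
    comp = parse_flags(comp_spec)
    return (parse_flags(packet_flags) & mask) == comp


# The four DROP rules from the post, in order.
RULES = [("ACK,FIN", "FIN"), ("ACK,PSH", "PSH"),
         ("ACK,URG", "URG"), ("ALL", "NONE")]


def dropped_by(packet_flags):
    """Return the first (mask, comp) rule that matches, or None."""
    for mask, comp in RULES:
        if rule_matches(mask, comp, packet_flags):
            return (mask, comp)
    return None


# Constructed sample flag combinations (not captured traffic).
SAMPLES = ["SYN", "SYN,ACK", "ACK", "FIN,ACK", "PSH,ACK",
           "FIN", "URG", "FIN,PSH,URG", "RST", "NONE"]

if __name__ == "__main__":
    for flags in SAMPLES:
        hit = dropped_by(flags)
        verdict = "DROP by --tcp-flags %s %s" % hit if hit else "not matched"
        print("%-12s %s" % (flags, verdict))
```
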

