Please explain these:
$IPTABLES -t filter -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
$IPTABLES -t filter -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
$IPTABLES -t filter -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP
$IPTABLES -t filter -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
Do the first 3 imply you must send ACK when you send a FIN, PSH or URG?
And does the last mean you must always set *some* TCP flag?
CS
Exactly. The first 3 rules are used for dropping packets which have FIN, PSH and URG set but without the ACK flag set. The last one prevents empty packets (no flag set) from entering your network. As such packets are often used by portscans, it is useful to drop them. Jason posted a link some time ago with a list of rules to perform tcp checks: http://www.stearns.org/modwall/sample/tcpchk-sample
--
PGP-ID 0xF8EAF138
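Added example, not part of the original posts: a small Python model of how iptables evaluates "--tcp-flags <mask> <comp>" (the first list names the flags examined, the second the flags that must be set among them), applied to the four rules above. The names FLAGS, RULES, matches, verdict and the sample flag combinations are constructed for illustration.

```python
# Model of the iptables "--tcp-flags <mask> <comp>" match (illustrative, not iptables code).
# Bit values follow the TCP header flag bits.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def parse(spec):
    """Turn 'ACK,FIN', 'ALL' or 'NONE' into a bitmask."""
    if spec == "ALL":
        return 0x3F          # FIN,SYN,RST,PSH,ACK,URG
    if spec == "NONE":
        return 0
    bits = 0
    for name in spec.split(","):
        bits |= FLAGS[name]
    return bits

# The four DROP rules from the question, in order, as (mask, comp).
RULES = [("ACK,FIN", "FIN"), ("ACK,PSH", "PSH"), ("ACK,URG", "URG"), ("ALL", "NONE")]

def matches(mask, comp, pkt_bits):
    """Only the bits in mask are examined; of those, exactly comp must be set."""
    return (pkt_bits & parse(mask)) == parse(comp)

def verdict(pkt):
    """Return the first rule that drops a packet with these flags, else None."""
    bits = parse(pkt)
    for mask, comp in RULES:
        if matches(mask, comp, bits):
            return f"DROP by --tcp-flags {mask} {comp}"
    return None

# Constructed flag combinations, not captured traffic.
SAMPLES = ["FIN", "FIN,ACK", "PSH,ACK", "URG", "FIN,PSH,URG", "NONE", "SYN", "ACK"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:12} -> {verdict(s) or 'not matched by these rules'}")
```

A bare SYN and a bare ACK pass all four rules, so normal connection setup is unaffected; only FIN, PSH or URG without ACK, and packets with no flags at all, are dropped.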