Re: Are these firewall rules impossible to understand?

On Fri, 2005-03-11 at 12:12, seberino@xxxxxxxxxxxxxxx wrote:
> I'm skeptical ANYONE really understands all of these.  The ones that really bug me are the ones that insist that all FIN, PSH and URG packets
> must have ACK set.  Who would have known that?
> 
> e.g. /usr/bin/sudo /sbin/iptables -A tcpchk -p tcp --tcp-flags ACK,FIN FIN -j DROP

because FINs need to be ACKnowledged, which means they need to have an
acknowledgment number; therefore the ACK bit needs to be set.

i doubt there's a statement in RFC 793 that says "FIN packets must have
the ACK bit set" but reading page 39 should lead you to the conclusion
that a FIN with no ACK bit just doesn't make sense.

-j

--
"What's the point of going out, we're just going to end up back
 here anyway?"
	--The Simpsons
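The matching semantics behind the quoted rule, as an added example that is not part of the original thread: `--tcp-flags MASK COMP` inspects only the MASK bits and matches when exactly the COMP bits among them are set, so `ACK,FIN FIN` matches a FIN whose ACK bit is clear. The PSH and URG variants are assumed from the quoted description ("all FIN, PSH and URG packets must have ACK set"); the chain name tcpchk comes from the quoted command, and the TCP headers are constructed here for the demonstration.

```python
# Added example, not code from the thread: reproduces iptables
# `--tcp-flags MASK COMP` matching and applies the "must have ACK set"
# rules to constructed TCP headers.
import struct

# Flag bits as they sit in byte 13 of the TCP header.
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def flags_from_header(tcp_header: bytes) -> int:
    """Return the six classic flag bits from a raw TCP header."""
    return tcp_header[13] & 0x3F


def tcp_flags_match(flags: int, mask: str, comp: str) -> bool:
    """iptables `--tcp-flags MASK COMP`: consider only the MASK bits and
    match when the set bits among them are exactly COMP."""
    m = sum(TCP_FLAGS[f] for f in mask.split(","))
    c = sum(TCP_FLAGS[f] for f in comp.split(","))
    return (flags & m) == c


# Rules of the tcpchk chain as described in the quoted mail: the FIN rule
# is the one quoted verbatim; PSH and URG are assumed to follow the same
# pattern (a FIN, PSH or URG with ACK clear is dropped).
TCPCHK_RULES = [("ACK,FIN", "FIN"), ("ACK,PSH", "PSH"), ("ACK,URG", "URG")]


def tcpchk_verdict(tcp_header: bytes) -> str:
    """Walk the tcpchk rules in order; first match drops, otherwise accept."""
    flags = flags_from_header(tcp_header)
    for mask, comp in TCPCHK_RULES:
        if tcp_flags_match(flags, mask, comp):
            return "DROP"
    return "ACCEPT"


def make_tcp_header(flags: int, sport: int = 12345, dport: int = 80) -> bytes:
    """Constructed minimal 20-byte TCP header (no options) with given flags."""
    data_offset = 5 << 4  # header length of 5 words in the upper nibble
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0,
                       data_offset, flags, 65535, 0, 0)


if __name__ == "__main__":
    for name, bits in (("bare FIN", 0x01), ("FIN+ACK", 0x11),
                       ("bare PSH", 0x08), ("SYN", 0x02)):
        print(f"{name:8s} -> {tcpchk_verdict(make_tcp_header(bits))}")
```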


