--state NEW -j DROP (would be great)

Hello,

Could somebody please explain the 'iptables -A INPUT -i eth0 -m state --state NEW -j DROP' a bit more for me? I understand that it won't allow any outside-initiated inbound connections into a network. However, occasionally if I'm doing a tcpdump we see things like:

21:04:48.935367 IP 82.29.180.221.15378 > 213.17.40.204.4154: R 0:0(0) ack 1 win 0
21:04:48.935447 IP 82.29.180.221.15378 > 213.17.40.204.4154: R 0:0(0) ack 1 win 0
21:04:48.935455 IP 82.29.180.221.15378 > 213.17.40.204.4154: R 0:0(0) ack 1 win 0
21:04:48.935537 IP 82.29.180.221.15378 > 213.17.40.204.4154: R 0:0(0) ack 1 win 0
21:04:48.935545 IP 82.29.180.221.15378 > 213.17.40.204.4154: R 0:0(0) ack 1 win 0
21:04:48.935629 IP 82.29.180.221.15378 > 213.17.40.204.4154: R 0:0(0) ack 1 win 0
21:04:48.935637 IP 82.29.180.221.15378 > 213.17.40.204.4154: R 0:0(0) ack 1 win 0
21:04:48.935812 IP 82.29.180.221.15378 > 213.17.40.204.4154: R 0:0(0) ack 1 win 0
21:04:48.935821 IP 82.29.180.221.15378 > 213.17.40.204.4154: R 0:0(0) ack 1 win 0
21:04:48.936045 IP 82.29.180.221.15378 > 213.17.40.204.4154: R 0:0(0) ack 1 win 0
21:04:48.936053 IP 82.29.180.221.15378 > 213.17.40.204.4154: R 0:0(0) ack 1 win 0
21:04:48.936153 IP 82.29.180.221.15378 > 213.17.40.204.4154: R 0:0(0) ack 1 win 0

What is that, and shouldn't it be dropped? Or is the ': R 0:0(0) ack 1 win 0' part of it an already established connection? Although that's one of our IPs, it's not active on our network.

Any ideas / advice would be greatly appreciated!

Regards

Sylvan

