On Thu, 2 Feb 2006, P theodorou wrote:
> Could someone explain the tcp-flag options,
> like the following line? What does it mean?
>
>     tcp-flags SYN,RST SYN,RST
>
> Why is there no comma between RST and SYN?

The man page is fairly clear on this;

    --tcp-flags [!] mask comp
        Match when the TCP flags are as specified. The first argument
        is the flags which we should examine, written as a
        comma-separated list, and the second argument is a
        comma-separated list of flags which must be set.
        Flags are: SYN ACK FIN RST URG PSH ALL NONE. Hence the command

            iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN

        will only match packets with the SYN flag set, and the ACK,
        FIN and RST flags unset.

Thanks,
Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
...We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>
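
The mask/comp test quoted from the man page, modelled as an added Python example that is not part of the original message and is not iptables code. The helper names and the sample flag combinations are constructed for illustration; the comparison assumes the match is "packet flags restricted to mask equal comp", which is what the man page text describes.

```python
# Added illustration, not iptables source. Bit values are the TCP header
# flag bits; the match rule is the masked comparison the man page describes.
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def parse_flags(arg):
    """Turn a comma-separated list such as 'SYN,RST' into a bitmask."""
    bits = 0
    for name in arg.upper().split(","):
        if name == "ALL":
            bits |= 0x3F
        elif name in TCP_FLAGS:
            bits |= TCP_FLAGS[name]
        elif name != "NONE":
            raise ValueError("unknown TCP flag: %r" % name)
    return bits

def tcp_flags_match(mask, comp, packet, invert=False):
    """True if the packet's flags, restricted to mask, equal comp exactly."""
    hit = (parse_flags(packet) & parse_flags(mask)) == parse_flags(comp)
    return hit != invert  # the optional '!' inverts the result

# Constructed sample packets (flag combinations only, no real traffic).
PACKETS = ["SYN", "SYN,ACK", "SYN,PSH", "SYN,RST", "SYN,RST,ACK", "ACK"]

def matching_packets(mask, comp, invert=False):
    """Return the sample packets that a '--tcp-flags mask comp' test selects."""
    return [p for p in PACKETS if tcp_flags_match(mask, comp, p, invert)]

if __name__ == "__main__":
    # Rule from the reply: SYN set; ACK, FIN and RST unset. PSH is not in
    # the mask, so a SYN,PSH packet still matches.
    print(matching_packets("SYN,ACK,FIN,RST", "SYN"))
    # Rule from the question: the space separates mask from comp, so this
    # examines SYN and RST and requires both to be set.
    print(matching_packets("SYN,RST", "SYN,RST"))
```

Flags left out of the mask are ignored, so `SYN,RST SYN,RST` also selects a packet carrying SYN, RST and ACK. SYN and RST set together is not a combination normal TCP produces, which is why a test of that form is usually paired with a drop or log target.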