>> When tyring to set up the rule: >> >> iptables -A INPUT --protocol tcp --tcp-flags ALL SYN,ACK -j DROP >> > > I just tried this with iptables 1.3.5, linux-2.6.16-xen: > > iptables -A INPUT -p tcp -m tcp \ > --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN,ACK -j DROP > > and it works. And if you drop "-m tcp" now, since that should be implied by "-p tcp"? Jan Engelhardt --
