Glenn,

Not sure what you mean by "experimental"; however, there are some conditions of flags that should never occur on the network. These can be trapped with rules similar to the following.

iptables -A BLOCKED -m state --state INVALID -j LOG-AND-DROP
iptables -A BLOCKED -p tcp --tcp-flags ALL ALL -j LOG-AND-DROP
iptables -A BLOCKED -p tcp --tcp-flags ALL NONE -j LOG-AND-DROP

--marc

> -----Original Message-----
> From: Glenn Terjesen [mailto:glenn@xxxxxxxxx]
> Sent: Wednesday, May 16, 2007 5:24 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: is it possible to block ip packets that contains
> experimental tcp options ?
>
> Hello,
> got an iptables firewall filtering our servers.
>
> Is it possible to block tcp packets that contain
> experimental tcp options ?
>
> AND is it smart to do so ?
>
>
> --
> Regards, Glenn Terjesen @ Webcat AS
> Tel: +47 37 02 20 20
> E-mail: support@xxxxxxxxx
>
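Added example, not part of the original thread: a Python model of the `--tcp-flags mask comp` test used by the second and third rules above, run over constructed TCP headers to show which flag combinations each rule catches. The helper names and sample headers are assumptions made for illustration; the `--state INVALID` rule depends on connection tracking and is not modelled.

```python
import struct

# Flag names as accepted by iptables' tcp match. "ALL" is the six classic
# flag bits (0x3F); the ECE and CWR bits (0x40, 0x80) are outside it.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
         "ACK": 0x10, "URG": 0x20, "ALL": 0x3F, "NONE": 0x00}

def parse_flag_list(spec):
    """Turn a comma-separated list such as 'SYN,ACK' into a bit mask."""
    value = 0
    for name in spec.split(","):
        value |= FLAGS[name.strip().upper()]
    return value

def tcp_flags_match(header, mask, comp):
    """Model of '--tcp-flags mask comp': look only at the bits in mask;
    the rule matches when exactly the bits in comp are set among them."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    flags = header[13]  # byte 13 of the TCP header carries the flag bits
    return (flags & parse_flag_list(mask)) == parse_flag_list(comp)

def make_header(flags):
    """Constructed 20-byte TCP header (ports 40000 -> 80, data offset 5)."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 8192, 0, 0)

def classify(header):
    """Return which of the two flag rules from the message would match."""
    if tcp_flags_match(header, "ALL", "ALL"):
        return "ALL ALL"
    if tcp_flags_match(header, "ALL", "NONE"):
        return "ALL NONE"
    return None

# Constructed sample flag bytes, not captured traffic.
SAMPLES = {
    "SYN": 0x02,
    "SYN+ACK": 0x12,
    "all six flags": 0x3F,
    "no flags": 0x00,
    "ECE+CWR only": 0xC0,   # outside the ALL mask, so it reads as "no flags"
    "FIN+PSH+URG": 0x29,    # invalid combination, but matched by neither rule
}

def results():
    return {name: classify(make_header(bits)) for name, bits in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in results().items():
        print(f"{name:14} -> {verdict or 'not matched by either flag rule'}")
```

Only the all-set and none-set cases are matched; other flag combinations that should never occur need their own mask/comp pairs, or fall to the INVALID state rule where connection tracking rejects them.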