On May 16 2007 08:18, Marc Cozzi wrote:
>
> Not sure what you mean by "experimental" however, there are
> some conditions of flags that should never occur on the
> network. These can be trapped with rules similar to the following.
>
> iptables -A BLOCKED -m state --state INVALID -j LOG-AND-DROP
> iptables -A BLOCKED -p tcp --tcp-flags ALL ALL -j LOG-AND-DROP
> iptables -A BLOCKED -p tcp --tcp-flags ALL NONE -j LOG-AND-DROP

Uhm, I think it is valid for a packet to carry no flags at all.
(Regular data packet without TCP Selective ACK)

Check up on http://jengelh.hopto.org/p/chaostables/ to see how to block evil stuff.

Jan
--
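To make the MASK/COMP semantics of the two `--tcp-flags` rules quoted above concrete, here is an added worked example (not code from either poster): it parses iptables flag lists, applies the match rule "(flags & MASK) == COMP", and reports which of the posted rules a constructed flag byte would trigger. It generalises beyond ALL/NONE to arbitrary flag lists such as `SYN,ACK`; the sample flag bytes are constructed, not captured traffic.

```python
# Added example: evaluate iptables "--tcp-flags MASK COMP" against TCP flag bytes.
# Only the six flag names iptables accepts in --tcp-flags are modelled.
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL_MASK = 0x3F  # iptables "ALL" = FIN,SYN,RST,PSH,ACK,URG


def parse_flag_list(spec):
    """Parse one iptables flag list ('ALL', 'NONE' or 'SYN,ACK') into a bitmask."""
    spec = spec.upper()
    if spec == "ALL":
        return ALL_MASK
    if spec == "NONE":
        return 0
    mask = 0
    for name in spec.split(","):
        if name not in TCP_FLAGS:
            raise ValueError(f"unknown TCP flag {name!r}")
        mask |= TCP_FLAGS[name]
    return mask


def tcp_flags_match(mask_spec, comp_spec, flags):
    """iptables matches when the bits selected by MASK equal COMP exactly;
    flags outside MASK are ignored."""
    return (flags & parse_flag_list(mask_spec)) == parse_flag_list(comp_spec)


# The two --tcp-flags rules from the post, as (MASK, COMP) pairs.
RULES = {
    "ALL ALL": ("ALL", "ALL"),    # every flag set at once
    "ALL NONE": ("ALL", "NONE"),  # no flag set at all
}


def classify(flags):
    """Names of the posted rules that a given flag byte would trigger."""
    return [name for name, (m, c) in RULES.items() if tcp_flags_match(m, c, flags)]


# Constructed sample flag bytes (hypothetical, not captured packets).
SAMPLES = {
    "syn_only": TCP_FLAGS["SYN"],
    "ack_psh": TCP_FLAGS["ACK"] | TCP_FLAGS["PSH"],
    "all_set": ALL_MASK,
    "none_set": 0,
}

if __name__ == "__main__":
    for label, fl in SAMPLES.items():
        print(f"{label:9s} 0x{fl:02x} -> {classify(fl) or ['no rule fires']}")
```

Whether the flagless segment that "ALL NONE" catches is ever legitimate is exactly the point in dispute above; the code only shows which rule would fire, not whether dropping it is right.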