Hello, Glenn Terjesen wrote:
What I meant with "experimental tcp options" is that my IDS (Snort) kept logging these "experimental tcp options":
# code 76 length 8 data 01019DEDBEF00005
I know this ain't a Snort list, but my servers don't serve any services that require this kind of traffic. So I was wondering if iptables has any way of blocking these.
If you have a black list of options you want to drop (or a white list of allowed options), what about the "--tcp-option" option of the "tcp" match?
These two magic lines fixed it all:
iptables -A FORWARD -p tcp --tcp-flags ALL ALL -j DROP
iptables -A FORWARD -p tcp --tcp-flags ALL NONE -j DROP
I wonder how these rules could drop packets according to TCP options. TCP flag combinations are not TCP options.
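As an added illustration of the point above (this code is not from the thread or from the iptables project): a small Python model of what the "--tcp-flags MASK COMP" match and the "--tcp-option KIND" match actually test, run against a constructed SYN header carrying an option of kind 76. The header builder, the rule helpers and the option payload bytes are assumptions made for the example.

```python
import struct

# iptables "ALL" for --tcp-flags is FIN,SYN,RST,PSH,ACK,URG.
ALL = 0x3F
SYN = 0x02

def build_tcp_header(flags, options=b""):
    """Build a raw TCP header (20-byte fixed part + padded options)."""
    options = options + b"\x00" * (-len(options) % 4)  # pad to 32-bit words
    data_offset = 5 + len(options) // 4                 # header length in words
    fixed = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                        data_offset << 4, flags, 65535, 0, 0)
    return fixed + options

def tcp_flags(hdr):
    return hdr[13]

def tcp_options(hdr):
    """Yield (kind, data) for each TCP option in the header."""
    opts = hdr[20:(hdr[12] >> 4) * 4]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # End of Option List
            return
        if kind == 1:            # No-Operation, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        length = opts[i + 1]
        yield kind, opts[i + 2:i + length]
        i += length

def flags_rule_matches(hdr, mask, comp):
    """Model of iptables: -p tcp --tcp-flags MASK COMP."""
    return tcp_flags(hdr) & mask == comp

def option_rule_matches(hdr, kind):
    """Model of iptables: -p tcp --tcp-option KIND."""
    return any(k == kind for k, _ in tcp_options(hdr))

# Constructed sample: a plain SYN carrying option kind 76, length 8.
# The six payload bytes are placeholders, not the bytes from the Snort log.
SYN_WITH_OPT76 = build_tcp_header(SYN, bytes([76, 8]) + b"\xaa" * 6)
```

Run with the sample above, the flag rules from the thread (ALL ALL and ALL NONE) match neither the SYN nor its option, while a --tcp-option 76 rule does.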