On Thursday 2008-06-19 12:50, Jan Engelhardt wrote:
>>>
>>> Yes, it's a (well known) feature of netfilter. This way we can catch up
>>> connections already established. If you do not want to support it, use
>>> the last rule you wrote.
>>
>>I thought it might be useful to block some weird portscans (e.g. nmap xmas
>>scan).
>
>Xmas scans can be matched much more easily - using INVALID, see
>http://jengelh.medozas.de/projects/chaostables/

Correction, http://jengelh.medozas.de/documents/Chaostables.pdf chapter 2.
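Why an Xmas probe lands in the INVALID state, as an added example that is not part of the original mail and is not netfilter's own code. The table of plausible flag combinations is a simplified model of conntrack's TCP flag sanity check (an assumption), and the sample flag bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* TCP header flag bits (RFC 793, RFC 3168). */
enum { TH_FIN = 0x01, TH_SYN = 0x02, TH_RST = 0x04, TH_PSH = 0x08,
       TH_ACK = 0x10, TH_URG = 0x20, TH_ECE = 0x40, TH_CWR = 0x80 };

/* Combinations treated as plausible once PSH/ECE/CWR are ignored.
 * Assumption: simplified model of conntrack's flag sanity table. */
static const uint8_t valid_combos[] = {
    TH_SYN, TH_SYN | TH_URG, TH_SYN | TH_ACK,
    TH_RST, TH_RST | TH_ACK,
    TH_FIN | TH_ACK, TH_FIN | TH_ACK | TH_URG,
    TH_ACK, TH_ACK | TH_URG,
};

/* Returns 1 for a plausible flag byte, 0 for one that would be INVALID. */
int tcp_flags_plausible(uint8_t flags)
{
    uint8_t f = flags & (uint8_t)~(TH_PSH | TH_ECE | TH_CWR);
    for (size_t i = 0; i < sizeof valid_combos; i++)
        if (valid_combos[i] == f)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample flag bytes, not captured traffic. */
    struct { const char *name; uint8_t flags; } samples[] = {
        { "SYN",              TH_SYN },
        { "SYN|ACK",          TH_SYN | TH_ACK },
        { "PSH|ACK (data)",   TH_PSH | TH_ACK },
        { "FIN|ACK",          TH_FIN | TH_ACK },
        { "Xmas FIN|PSH|URG", TH_FIN | TH_PSH | TH_URG },
        { "Null (no flags)",  0 },
        { "SYN|FIN",          TH_SYN | TH_FIN },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s 0x%02x -> %s\n", samples[i].name, samples[i].flags,
               tcp_flags_plausible(samples[i].flags) ? "plausible" : "INVALID");
    return 0;
}
```

Because the flag byte alone disqualifies the packet, a single rule matching the INVALID state (for example `-m state --state INVALID`) covers Xmas, null and SYN|FIN probes without listing each flag pattern.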