Hi there,

I have not received an answer as of yet. Any thoughts or are you also
seeking an answer to the same question?

On Mon, Feb 8, 2010 at 9:37 PM, Weedy <weedy2887@xxxxxxxxx> wrote:
> On Thu, Feb 4, 2010 at 6:41 AM, paddy joesoap <paddyjoesoap@xxxxxxxxx> wrote:
>> Hi all,
>>
>> Does the INVALID state filter prevent port (nmap) scans?
>>
>> That is, would the following stateful rule:
>>
>> iptables -A INPUT -m state --state INVALID -j DROP
>>
>> do the same job as the following stateless rules?
>>
>> iptables -A INPUT -p tcp --tcp-flags SYN,ACK SYN,ACK -m -j DROP
>> iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
>> iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
>> iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
>> iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
>> iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
>> iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
>> iptables -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
>> iptables -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP
>> etc etc.
>>
>
> Did this guy ever get an answer?
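
How the `--tcp-flags mask comp` tests in the quoted stateless rules evaluate, as an added example that is not part of the original thread: a rule matches when, of the flags listed in the mask, exactly those listed in comp are set. The sample flag combinations are constructed, the first quoted rule is left out because its `-m` names no match module, and nothing here models the conntrack INVALID state.

```python
# Added example: models only the "--tcp-flags <mask> <comp>" part of the quoted rules.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

# The stateless rules from the thread, in their original order. The first
# quoted rule is omitted because its "-m" names no match module.
RULES = [
    ("ALL", "NONE"),
    ("SYN,FIN", "SYN,FIN"),
    ("SYN,RST", "SYN,RST"),
    ("ALL", "SYN,RST,ACK,FIN,URG"),
    ("FIN,RST", "FIN,RST"),
    ("ACK,FIN", "FIN"),
    ("ACK,PSH", "PSH"),
    ("ACK,URG", "URG"),
]

# Constructed sample flag combinations (not captured traffic).
SAMPLES = ["NONE", "SYN,FIN", "FIN,PSH,URG", "SYN,RST,ACK,FIN,URG",
           "SYN", "SYN,ACK", "ACK", "PSH,ACK", "FIN,ACK", "RST"]

def parse_flags(spec):
    """Turn an iptables flag list (or ALL / NONE) into a bit mask."""
    if spec == "ALL":
        return 0x3F
    if spec == "NONE":
        return 0
    bits = 0
    for name in spec.split(","):
        bits |= FLAG_BITS[name]
    return bits

def first_match(flags_spec):
    """Return the first rule whose mask/comp test matches, or None."""
    flags = parse_flags(flags_spec)
    for mask, comp in RULES:
        # Only the bits in the mask are examined; they must equal comp exactly.
        if (flags & parse_flags(mask)) == parse_flags(comp):
            return f"--tcp-flags {mask} {comp}"
    return None

def evaluate():
    """Map each constructed sample to the rule that would drop it, if any."""
    return {spec: first_match(spec) for spec in SAMPLES}

if __name__ == "__main__":
    for spec, rule in evaluate().items():
        print(f"{spec:22} -> {rule or 'no rule matches'}")
```

Any packet that satisfies the `ALL SYN,RST,ACK,FIN,URG` rule has both SYN and FIN set, so in this ordering the earlier `SYN,FIN SYN,FIN` rule always matches it first.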