Hello,

Aaron Lewis wrote:
>
> How should I understand --tcp-flags option?
>
> 1) There's two parameters, why need two of them?

It allows matching packets with some flags cleared.

> e.g I might just need to match a packet with SYN and RST bit set,
> why do I need to place it for twice (--tcp-flags SYN RST, SYN RST

Wrong syntax.

> 2) What does this mean? I don't really get what "mask" and "comp" do here

The mask specifies which flags must be examined, and the comp which flags must be set. Therefore flags in the mask but not in the comp must be cleared. Flags not in the mask may have any value.

> --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN

This means match if FIN,SYN set and RST,PSH,ACK,URG cleared.
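
The mask/comp rule described in the reply above, as an added example that is not part of the original message or of the netfilter code: a packet matches when its flags, restricted to the mask, equal the comp set. The helper names `flag_bit`, `flags_to_bits` and `tcp_flags_match` are hypothetical, and the sample packets are constructed.

```shell
#!/bin/sh
# Added illustration: helper names are hypothetical, sample packets are constructed.

# Bit value of one flag name in the TCP header flags byte.
flag_bit() {
    case "$1" in
        FIN) echo 1 ;;  SYN) echo 2 ;;  RST) echo 4 ;;
        PSH) echo 8 ;;  ACK) echo 16 ;; URG) echo 32 ;;
        ALL) echo 63 ;; NONE) echo 0 ;;
        *) return 1 ;;
    esac
}

# Turn a comma-separated list such as "FIN,SYN" into a bit mask.
flags_to_bits() {
    bits=0
    old_ifs=$IFS
    IFS=,
    for name in $1; do
        b=$(flag_bit "$name") || { IFS=$old_ifs; return 1; }
        bits=$((bits | b))
    done
    IFS=$old_ifs
    echo "$bits"
}

# tcp_flags_match MASK COMP PACKET_FLAGS
# Returns 0 when, of the flags listed in MASK, exactly those in COMP are set
# in the packet; flags outside MASK are ignored. Returns 2 on an unknown name.
tcp_flags_match() {
    mask=$(flags_to_bits "$1") || return 2
    comp=$(flags_to_bits "$2") || return 2
    pkt=$(flags_to_bits "$3") || return 2
    [ $((pkt & mask)) -eq "$comp" ]
}

# Constructed sample packets checked against the rule quoted in the thread.
for sample in FIN,SYN FIN,SYN,ACK SYN NONE; do
    if tcp_flags_match FIN,SYN,RST,PSH,ACK,URG FIN,SYN "$sample"; then
        echo "$sample: match"
    else
        echo "$sample: no match"
    fi
done
```

With a narrower mask such as `SYN,RST` and comp `SYN,RST`, a packet that also carries ACK still matches, because ACK is outside the mask.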