
Squid, Firewall & TCP RST Flags

Hi,

Recently, we had some DDoS type attacks on our servers, so in an
attempt to secure our systems, we added some iptables rules, which
seems to work quite well on most of our servers.

Even on systems dedicated to Squid, all seems to run well.  However,
one rule in particular seems to catch a lot of entries on the Squid
machines, which are almost non-existent on the other, non-Squid
machines:

-A OUTPUT -p tcp -m tcp --tcp-flags RST RST -j OUTRST -m comment --comment "OUTPUT: Catch RST pkt"
-A OUTRST -j LOG --log-prefix "OUTRST: "
-A OUTRST -j DROP -m comment --comment "OUTRST:  Drop outbound RST"

From what we have seen, this does not seem to have a detrimental
effect on Squid Proxy.  But, out of academic interest, we would still
like to learn more about why so many RST packets would be generated by
the server itself.

Can anyone shed some light?

Regards
HASSAN
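A first step towards answering the question in the post above is to look at where the logged resets are going. The script below is an added example, not part of the original message or of Squid: it reads kernel lines carrying the "OUTRST: " prefix from the LOG rule quoted above and splits them into resets sent from the proxy's listening port (towards clients) and resets sent from ephemeral ports (towards origin servers Squid connected to). It assumes Squid listens on TCP 3128, the default http_port, and the sample log lines are constructed for the example in the standard netfilter LOG key=value layout.

```python
"""Summarise outbound TCP RSTs logged by an iptables LOG rule with prefix "OUTRST: "."""
import re
from collections import Counter

# Assumption: Squid's http_port is 3128 (the default). Change it if yours differs.
SQUID_PORT = 3128

# The netfilter LOG target writes "KEY=VALUE" tokens; we only need these five.
_FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")

# Constructed sample of what /var/log/kern.log would contain with the rule active.
SAMPLE_LOG = [
    "Oct 12 10:01:02 proxy kernel: OUTRST: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.23 "
    "LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=3128 DPT=52311 WINDOW=0 RES=0x00 RST URGP=0",
    "Oct 12 10:01:02 proxy kernel: OUTRST: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.23 "
    "LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=3128 DPT=52312 WINDOW=0 RES=0x00 RST URGP=0",
    "Oct 12 10:01:03 proxy kernel: OUTRST: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.23 "
    "LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=3128 DPT=52315 WINDOW=0 RES=0x00 RST URGP=0",
    "Oct 12 10:01:03 proxy kernel: OUTRST: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.40 "
    "LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=3128 DPT=41002 WINDOW=0 RES=0x00 RST URGP=0",
    "Oct 12 10:01:04 proxy kernel: OUTRST: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.7 "
    "LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=45120 DPT=443 WINDOW=0 RES=0x00 RST URGP=0",
    "Oct 12 10:01:04 proxy kernel: OUTRST: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.7 "
    "LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=45121 DPT=443 WINDOW=0 RES=0x00 RST URGP=0",
    "Oct 12 10:01:05 proxy kernel: OUTRST: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 "
    "LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=45130 DPT=80 WINDOW=0 RES=0x00 RST URGP=0",
    "Oct 12 10:01:05 proxy kernel: eth0: link is up",  # unrelated kernel line, must be ignored
]


def parse_outrst(line):
    """Return {src, dst, sport, dport} for an OUTRST TCP log line, else None."""
    if "OUTRST:" not in line:
        return None
    fields = dict(_FIELD_RE.findall(line))
    if fields.get("PROTO") != "TCP" or "SPT" not in fields or "DPT" not in fields:
        return None
    return {
        "src": fields["SRC"],
        "dst": fields["DST"],
        "sport": int(fields["SPT"]),
        "dport": int(fields["DPT"]),
    }


def classify(rec, squid_port=SQUID_PORT):
    """Side of the proxy an outbound RST belongs to.

    A source port equal to Squid's listening port means the reset went to a
    client of the proxy; any other source port is an ephemeral port, i.e. a
    connection Squid itself opened towards an origin server.
    """
    return "to_client" if rec["sport"] == squid_port else "to_origin"


def summarise(lines, squid_port=SQUID_PORT):
    """Count logged outbound RSTs by direction and by remote peer."""
    by_direction = Counter()
    by_peer = Counter()
    for line in lines:
        rec = parse_outrst(line)
        if rec is None:
            continue
        side = classify(rec, squid_port)
        by_direction[side] += 1
        # Clients are identified by address; origins by address:port.
        peer = rec["dst"] if side == "to_client" else f"{rec['dst']}:{rec['dport']}"
        by_peer[(side, peer)] += 1
    return by_direction, by_peer


if __name__ == "__main__":
    directions, peers = summarise(SAMPLE_LOG)
    for side, n in directions.most_common():
        print(f"{side}: {n}")
    for (side, peer), n in peers.most_common():
        print(f"  {side:10s} {peer:22s} {n}")
```

Run it against a real log with `summarise(open("/var/log/kern.log"))` instead of the constructed sample. Resets from the listening port point at client behaviour (clients disappearing mid-transfer, or a flood of half-open connections such as the attacks mentioned in the post); resets from ephemeral ports point at how Squid tears down its server-side connections. One general TCP fact worth keeping in mind while reading the counts: a Linux socket that is closed while unread data remains in its receive buffer is torn down with RST rather than FIN, which a proxy does routinely when it abandons a fetch because its client has gone away.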



