Sun, 2002-04-28 at 23:15, Simon Oosthoek wrote:

> ACCEPT     tcp  --  anywhere             anywhere           state NEW tcp flags:FIN,SYN,RST,ACK/SYN

To my mind, by defining FIN, RST and ACK as allowable for "NEW"
connections, you're laying your machines open to all kinds of nastiness.
DoS attacks, nuking, goodness knows what. By definition, NEW=SYN and
after that, the connection is ESTABLISHED.

In my standard filter (that I'm using now on my laptop), I have the
rule:

## Make sure NEW tcp connections are SYN packets
iptables -A INPUT -i $IFACE0 -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "NEW-NOT-SYN: "
iptables -A INPUT -i $IFACE0 -p tcp ! --syn -m state --state NEW -j DROP
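As an added illustration (not code from the mail above), here is a small Python model of how iptables evaluates TCP flag matches: the `flags:MASK/COMP` form shown in the quoted `iptables -L` listing, the `--syn` shorthand (which the iptables man page defines as `--tcp-flags SYN,RST,ACK,FIN SYN`), and the "NEW but not SYN" rule applied to a few constructed sample packets to show which ones would be logged and dropped.

```python
# Added example: a model of iptables TCP flag matching, used to check which
# packets a "-p tcp ! --syn -m state --state NEW" rule would log and drop.
# The packets and conntrack states below are constructed for illustration.

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
             "ACK": 0x10, "URG": 0x20}


def flags_to_bits(names):
    """Turn a comma-separated list such as 'FIN,SYN,RST,ACK' into a bitmask."""
    return sum(TCP_FLAGS[n] for n in names.split(",") if n)


def tcp_flags_match(spec, packet_flags):
    """Evaluate the MASK/COMP form printed by 'iptables -L'
    (e.g. 'FIN,SYN,RST,ACK/SYN'): of the bits named in MASK, exactly
    those named in COMP must be set in the packet."""
    mask, comp = spec.split("/")
    return (flags_to_bits(packet_flags) & flags_to_bits(mask)) == flags_to_bits(comp)


def is_syn(packet_flags):
    """iptables --syn: SYN set and ACK, RST and FIN clear; the man page
    states this is equivalent to --tcp-flags SYN,RST,ACK,FIN SYN."""
    return tcp_flags_match("FIN,SYN,RST,ACK/SYN", packet_flags)


def new_not_syn_rule(packets):
    """Apply '-p tcp ! --syn -m state --state NEW' to (flags, state) tuples
    and return the flag strings the rule would LOG and then DROP."""
    return [flags for flags, state in packets
            if state == "NEW" and not is_syn(flags)]


# Constructed sample packets: (TCP flags set, conntrack state).
SAMPLE_PACKETS = [
    ("SYN", "NEW"),            # ordinary connection open: passes the rule
    ("SYN,ACK", "NEW"),        # unsolicited SYN/ACK with no conntrack entry
    ("ACK", "NEW"),            # stray ACK, e.g. after the conntrack table was flushed
    ("FIN,ACK", "NEW"),        # stray FIN for a connection conntrack does not know
    ("ACK", "ESTABLISHED"),    # normal mid-connection traffic: not NEW, untouched
    ("RST", "NEW"),            # stray RST
]

if __name__ == "__main__":
    for flags in new_not_syn_rule(SAMPLE_PACKETS):
        print("NEW-NOT-SYN:", flags)
```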

Tony

-- 

Tony Earnshaw

e-post:         [EMAIL PROTECTED]
www:            http://www.billy.demon.nl
gpg public key: http://www.billy.demon.nl/tonni.armor

Telefoon:       (+31) (0)172 530428
Mobiel:         (+31) (0)6 51153356

GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981

