On Tue, Jul 09, 2002 at 06:50:13PM +0200, Jan Humme wrote:
> Questions:
>
> 1) AFAIK these packets are harmless, correct? Or could some of them be used
> in attacks?

Someone can send you these packets to tear down your established tcp sessions.
Not that it's easy to do but feasible.

> 2) (Assuming they are harmless:) is it safe then to add a rule:
>
> $IPTABLES -A FORWARD -m multiport -p tcp -i ppp0 --sports $TCPOUT\
> -j ACCEPT --tcp-flags RST RST
>
> 3) Is there perhaps a better way to deal with these kinds of packets?
> Perhaps I should better use "state" and forget about the flags?

Yes. I'd do this. However it doesn't protect you from the case mentioned above.
The only solution for that is using IPsec. But then again you cannot run IPsec
for all your traffic...

Ramin

> Jan Humme.
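The difference between the flag-based rule and a "state" match, as an added example that is not part of the original thread: a toy Python model that runs constructed inbound RST packets through both. The `TCPOUT` ports, the addresses and the `StateTable` tracker (4-tuple only, no NAT, no sequence checks) are assumptions made for illustration, not netfilter's implementation.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "iface src sport dst dport flags")
TCPOUT = {25, 80, 443}  # constructed stand-in for the poster's $TCPOUT

def flag_rule_accepts(pkt):
    # Models: -i ppp0 -p tcp -m multiport --sports $TCPOUT --tcp-flags RST RST -j ACCEPT
    return pkt.iface == "ppp0" and pkt.sport in TCPOUT and "RST" in pkt.flags

class StateTable:
    """Toy connection tracker keyed on the 4-tuple only (hypothetical helper)."""
    def __init__(self):
        self.flows = set()

    def see_outbound(self, pkt):
        if "SYN" in pkt.flags:  # connection opened from the inside
            # Store the tuple as it will appear on reply packets.
            self.flows.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def state_rule_accepts(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        known = key in self.flows
        if known and "RST" in pkt.flags:
            self.flows.discard(key)  # the reset ends the tracked session
        return known

def compare():
    table = StateTable()
    table.see_outbound(Packet("eth0", "10.0.0.5", 40000, "198.51.100.7", 80, {"SYN"}))
    inbound = [  # constructed sample packets arriving on ppp0
        ("stray RST, no session", Packet("ppp0", "203.0.113.9", 80, "10.0.0.5", 41234, {"RST"})),
        ("RST on tracked tuple", Packet("ppp0", "198.51.100.7", 80, "10.0.0.5", 40000, {"RST"})),
        ("second RST, same tuple", Packet("ppp0", "198.51.100.7", 80, "10.0.0.5", 40000, {"RST"})),
    ]
    return [(label, flag_rule_accepts(p), table.state_rule_accepts(p)) for label, p in inbound]

if __name__ == "__main__":
    for label, by_flags, by_state in compare():
        print(f"{label:24} flags-rule={by_flags!s:5} state-rule={by_state}")
```

The flag rule forwards all three resets, while the state model forwards only the one that matches a tracked session. That one still passes under both rules, which is the case the reply says a state match does not cover.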
