Pascu Dan wrote:
>Hell knows. Anyway, ipchains is obsolete, and as long as that line is
>stateful, written with iptables, I don't really think it can be
>"translated" into chains. You can also try a man ipchains and get to
>the bottom of it yourself.
>
>
>
as catalin also said: the line given below using iptables HAS NOTHING
TO DO with the stateful part of iptables. it simply looks at the
FLAGS of the packets, not at the state of the connection
liviu: as far as I remember, ipchains could not set the MSS. What you
can possibly use comes down to:
*[!] -y, --syn*
Only match TCP packets with the SYN bit set and the ACK and FIN bits
cleared. Such packets are used to request TCP connection initiation;
for example, blocking such packets coming in an interface will
prevent incoming TCP connections, but outgoing TCP connections will
be unaffected. This option is only meaningful when the protocol type
is set to TCP. If the "!" flag precedes the "-y", the sense of the
option is inverted.
*-t, --TOS* /andmask xormask/
Masks used for modifying the TOS field in the IP header. When a
packet matches a rule, its TOS field is first bitwise and'ed with
first mask and the result of this will be bitwise xor'ed with the
second mask. The masks should be specified as hexadecimal 8-bit
values. As the LSB of the TOS field must be unaltered (RFC 1349),
TOS values which would cause it to be altered are rejected, as are
any rules which always set more than one TOS bit.
>On Wed, 16 Mar 2005 16:29:30 +0200 (EET), Catalin(ux aka Dino) BOIE
><[EMAIL PROTECTED]> wrote:
>
>
>>On Wed, 16 Mar 2005, Mihai Badici wrote:
>>
>>
>>
>>>I think ipchains was not stateful ... but maybe I am wrong, because when
>>>I got started with this stuff, iptables had already appeared...
>>>
>>>
>>It has nothing to do with the stateful part.
>>
>>
>>>>iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS
>>>>--set-mss 1400
>>>>
>>>>from iptables to ipchains
>>>>
>>>>
---
Details about our mailing lists: http://www.lug.ro/
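
Added example, not part of the original messages: a small Python model of the two flag matchers discussed in the thread, the iptables match `--tcp-flags SYN,RST SYN` and the ipchains `-y` match as the quoted man page text describes it, run over constructed TCP headers. The function names, sample ports and sample flag sets are assumptions made for illustration; both matchers read only the flag byte of a single packet and keep no connection state.

```python
import struct

FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def mask_of(names):
    """Turn a comma list such as 'SYN,RST' into a bit mask."""
    bits = 0
    for name in names.split(","):
        bits |= FLAGS[name.strip().upper()]
    return bits

def header_flags(tcp_header):
    """The flag bits live in byte 13 of the TCP header."""
    return tcp_header[13] & 0x3F

def tcp_flags_match(examine, must_be_set, tcp_header):
    """iptables --tcp-flags: of the examined bits, exactly must_be_set are on."""
    return (header_flags(tcp_header) & mask_of(examine)) == mask_of(must_be_set)

def ipchains_syn_match(tcp_header):
    """ipchains -y per the man page text above: SYN on, ACK and FIN off."""
    return (header_flags(tcp_header) & mask_of("SYN,ACK,FIN")) == mask_of("SYN")

def make_header(flag_names):
    """Constructed 20-byte TCP header; ports, seq and window are sample values."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4,
                       mask_of(flag_names), 65535, 0, 0)

# Constructed sample packets, named by the flags they carry.
SAMPLES = ["SYN", "SYN,ACK", "ACK", "PSH,ACK", "FIN,ACK", "RST", "SYN,RST"]

def compare():
    """Per sample: (flags, matched by the TCPMSS rule, matched by ipchains -y)."""
    rows = []
    for names in SAMPLES:
        hdr = make_header(names)
        rows.append((names,
                     tcp_flags_match("SYN,RST", "SYN", hdr),
                     ipchains_syn_match(hdr)))
    return rows

if __name__ == "__main__":
    for names, mss_rule, syn_only in compare():
        print(f"{names:8} --tcp-flags SYN,RST SYN: {mss_rule!s:5}  ipchains -y: {syn_only}")
```

The two matchers differ on SYN,ACK (matched by the TCPMSS rule, so the MSS is rewritten in both directions of the handshake, but not by `-y`) and on SYN,RST (rejected by the TCPMSS rule, accepted by `-y` as the man page words it).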