Hi!

On Friday 05 November 2004 12:27, Baruch Even wrote:
> > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> > iptables -A INPUT -m state --state NEW -p tcp --tcp-flags ALL SYN -j ACCEPT
>
> Please don't do that!
> You can use SYN,ACK,FIN,RST SYN to check for illegal flags.

Shouldn't

iptables -A INPUT -m state --state INVALID -j DROP

as the _first_ rule take care of all packages with illegal flags?
Unfortunately, I haven't found any documentation what exactly is
considered INVALID. Anybody?

Cheers,
Stefan

-- 
Technische Universitaet Muenchen     Raum: 1131
Physik-Department T39                Tel.: 089/289-12197
James-Franck-Strasse                 E-Mail: [EMAIL PROTECTED]
D-85748 Garching
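Added example, not part of either poster's message: a small emulation of the mask/compare test behind `--tcp-flags`, listing which flag combinations each of the two specifications quoted above would match. It assumes the documented semantics (first list = flags examined, second list = flags that must be set, `ALL` = the six flags iptables names); the function names are illustrative, and the `state` match (NEW/INVALID) is not modelled.

```python
# Constructed illustration of iptables' "--tcp-flags <mask> <comp>" test.
# Bit values follow the TCP header flag byte.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
         "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL = 0x3F  # the six flags above


def parse(spec):
    """Turn 'SYN,ACK', 'ALL' or 'NONE' into a bitmask."""
    if spec == "ALL":
        return ALL
    if spec == "NONE":
        return 0
    bits = 0
    for name in spec.split(","):
        bits |= FLAGS[name]
    return bits


def names(bits):
    """Render a bitmask back into a comma-separated flag list."""
    return ",".join(n for n, b in FLAGS.items() if bits & b) or "NONE"


def tcp_flags_match(mask, comp, packet):
    """True if, among the flags in mask, exactly those in comp are set."""
    return (parse(packet) & parse(mask)) == parse(comp)


def accepted(mask, comp):
    """Every combination of the six flags that the mask/comp pair matches."""
    m, c = parse(mask), parse(comp)
    return [names(p) for p in range(ALL + 1) if (p & m) == c]


if __name__ == "__main__":
    for mask in ("ALL", "SYN,ACK,FIN,RST"):
        print(f"--tcp-flags {mask} SYN matches:", accepted(mask, "SYN"))
    # A SYN+FIN packet fails both tests; SYN+PSH fails only the ALL mask.
    for pkt in ("SYN,FIN", "SYN,PSH"):
        print(pkt,
              tcp_flags_match("ALL", "SYN", pkt),
              tcp_flags_match("SYN,ACK,FIN,RST", "SYN", pkt))
```

The two masks differ only in whether PSH and URG are examined: with `ALL`, a SYN carrying either of them does not match the rule; with `SYN,ACK,FIN,RST`, it does.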