Hello Guys,

I was reading an interesting thing about iptables ( http://people.unix-fu.org/andreasson/iptables-tutorial/iptables-tutorial.html#AEN1632 ). It explains that iptables CAN recognize packets that have the SYN bit OFF as state NEW. The author of the document recommends:

    $IPTABLES -A INPUT -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "New not syn:"
    $IPTABLES -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

That makes complete sense. NEW packets with the SYN bit turned off should never exist in the real world.

I'm having, as the author warned, some packets being logged by this rule. Although, the machine is working completely fine and no clients have complained about it. So, it seems it's really some 'nasty' TCP/IP implementation.

Questions are:

Has somebody here ever studied this 'feature' of iptables?
Can you imagine some problem generated by this rule?

Note: I do NOT have two firewalls and I probably won't. So, the redundant firewall explained by the author does not apply to me, and so it shouldn't for lots of iptables users who have just one machine.

Sincerely,
Leonardo Rodrigues
Persocom Network
This archive was generated by hypermail 2b30 : Tue Dec 11 2001 - 10:12:40 PST
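As an added example (editor's code, not from the post or the tutorial it cites): the LOG rule above writes lines to syslog with the "New not syn:" prefix, and the quickest way to answer "what are these packets?" is to parse those lines and look at the TCP flags the LOG target prints. The script below does that over a few constructed sample lines (not real log data) in the format the kernel's LOG target uses. The flag names, their print order (URG ACK PSH RST SYN FIN), and the field layout are the real ipt_LOG format; the classification labels and the rule of thumb behind them are the editor's assumptions: an ACK-only packet with a sane window is usually a peer continuing a connection the firewall has no conntrack entry for (for instance after a firewall reboot or after conntrack expired the entry), a RST is a harmless reset, a FIN/ACK is a late close, and an all-zero or URG/PSH/FIN flag set is what NULL and Xmas port scans look like.

```python
import re
from collections import Counter

# Constructed sample lines in the syslog format produced by the iptables LOG
# target with --log-prefix "New not syn:". Illustrative only, not real traffic.
SAMPLE_LOG = """\
Dec 10 23:15:01 fw kernel: New not syn:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=TCP SPT=34567 DPT=80 WINDOW=16384 RES=0x00 ACK URGP=0
Dec 10 23:15:02 fw kernel: New not syn:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=12346 DF PROTO=TCP SPT=34567 DPT=80 WINDOW=16384 RES=0x00 ACK URGP=0
Dec 10 23:16:40 fw kernel: New not syn:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=443 DPT=51234 WINDOW=0 RES=0x00 RST ACK URGP=0
Dec 10 23:17:05 fw kernel: New not syn:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=0 PROTO=TCP SPT=61000 DPT=22 WINDOW=512 RES=0x00 URGP=0
Dec 10 23:18:11 fw kernel: New not syn:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=0 PROTO=TCP SPT=61001 DPT=22 WINDOW=512 RES=0x00 URG PSH FIN URGP=0
Dec 10 23:19:30 fw kernel: New not syn:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.8 DST=192.0.2.10 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=777 DF PROTO=TCP SPT=40000 DPT=25 WINDOW=5840 RES=0x00 ACK FIN URGP=0
"""

# Fields the LOG target prints for a TCP packet. The flag words appear between
# RES= and URGP= in the fixed order CWR ECE URG ACK PSH RST SYN FIN (CWR/ECE
# only on newer kernels), each followed by a space; a NULL packet prints none.
LOG_RE = re.compile(
    r"New not syn:.*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=TCP "
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+) WINDOW=(?P<win>\d+) RES=0x[0-9a-fA-F]+ "
    r"(?P<flags>(?:(?:CWR|ECE|URG|ACK|PSH|RST|SYN|FIN) )*)URGP="
)


def parse_line(line):
    """Return the interesting fields of one LOG line, or None if it is not one."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return {
        "src": m.group("src"),
        "dst": m.group("dst"),
        "spt": int(m.group("spt")),
        "dpt": int(m.group("dpt")),
        "window": int(m.group("win")),
        "flags": frozenset(m.group("flags").split()),
    }


def classify(flags):
    """Label a flag set. Labels are the editor's assumptions, not iptables output."""
    if not flags:
        return "null-scan"            # no flags at all: classic NULL scan probe
    if flags == {"URG", "PSH", "FIN"}:
        return "xmas-scan"            # "christmas tree" probe
    if "RST" in flags:
        return "rst"                  # reset for a connection we have no state for
    if "FIN" in flags:
        return "late-fin"             # FIN/ACK arriving after conntrack forgot the flow
    if flags == {"ACK"}:
        return "ack-only"             # mid-stream data/ack: stale or resumed connection
    return "other"


def summarize(log_text):
    """Count hits per class and per source address over a block of syslog text."""
    by_class, by_src = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        by_class[classify(rec["flags"])] += 1
        by_src[rec["src"]] += 1
    return {"by_class": by_class, "by_src": by_src}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for label, n in result["by_class"].most_common():
        print(f"{label:10s} {n}")
    for src, n in result["by_src"].most_common():
        print(f"{src:16s} {n}")
```

Run it against the real file with `summarize(open("/var/log/messages").read())`. Repeated ack-only hits from one SRC/SPT pair, as in the first two sample lines, are the case the tutorial warns about: the peer thinks the connection is still up while the firewall has no conntrack entry for it, and the DROP rule silently kills it instead of letting the peer discover that with a RST. On a single firewall that still happens after a reboot of the firewall host or after a long-idle connection outlives the conntrack timeout, so the rule is not free of side effects just because there is no failover pair.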