Hello Guys,
I was reading an interesting thing about iptables (
http://people.unix-fu.org/andreasson/iptables-tutorial/iptables-tutorial
.html#AEN1632 ). It explains that iptables CAN recognize packets that
have the syn bit OFF as state NEW. The author of the document recomends:
$IPTABLES -A INPUT -p tcp ! --syn -m state --state NEW -j
LOG --log-prefix "New not syn:"
$IPTABLES -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
That makes completly sense. NEW packets with syn bit turned off
should never exists in real world.
I'm having, as the author warned, some packets being logged by this
rule. Altough, machine is working completly fine and no clients have
complained about it. So, it seems it's really some 'nasty' tcp/ip
implementation.
Questions are: Do somebody here have ever studied about this
'feature' of iptables ?? Can you imagine some problem generated by this
rule ??
Note: I do NOT have two firewalls and I'll probably dont. So, the
redundant firewall explained by the author is not applied for me, as so
it shouldnt be for lots of iptables users, that have just one machine.
Sincerily,
Leonardo Rodrigues
Persocom Network
This archive was generated by hypermail 2b30 : Tue Dec 11 2001 - 10:12:40 PST