Firewall Wizards mailing list archives

Re: IPChains ?


From: <hesselsp () ashaman dhs org>
Date: Wed, 21 Feb 2001 10:11:00 -0500 (EST)

To my knowledge: no.

This is a new feature in iptables.
$ man iptables
<snip>
       --tcp-flags [!] mask comp
              Match  when  the  TCP  flags are as specified.  The
              first argument is the flags which we should examine,
              written as a comma-separated list, and the
              second argument is a comma-separated list of  flags
              which  must be set.  Flags are: SYN ACK FIN RST URG
              PSH ALL NONE.  Hence the command
               iptables   -A   FORWARD   -p    tcp    --tcp-flags
              SYN,ACK,FIN,RST SYN
              will  only match packets with the SYN flag set, and
              the ACK, FIN and RST flags unset.



On Wed, 21 Feb 2001, Darich Runyan wrote:

Is there a way with IPChains to deny inbound packets with flags other than
SYN if they did not originate from my system?  I have set up a rule that
disallows SYN connections (using the -j DENY -y -l options) to the
external interface, but in order for the company internet access to work, it
seems that I needed to allow the other flagged packets in.

Any assistance with this would be appreciated.

Thanks in advance for the help.
Darich

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards


-- 
--Paul

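An added illustration, not part of Paul's reply and not code from the iptables project: the Python script below models the comparison behind the `--tcp-flags mask comp` match quoted above, so the effect of a rule can be checked against sample flag combinations before it is loaded on a real firewall. The TCP flag bit values follow the TCP header layout (FIN=0x01, SYN=0x02, RST=0x04, PSH=0x08, ACK=0x10, URG=0x20); the example chain, the sample packets and the `render_rule` helper are constructed for this example and are assumptions, not anything from the thread.

```python
"""Model of the iptables --tcp-flags "mask comp" match (added example).

The kernel's tcp match looks only at the header bits named in `mask`
and requires exactly the bits named in `comp` to be set among them:
    (packet_flags & mask) == comp
Flags outside the mask are ignored, so "--tcp-flags SYN,ACK,FIN,RST SYN"
matches a packet with SYN+PSH as well as one with SYN alone.
"""

# Flag bit values as laid out in the TCP header (assumed here; these are
# the standard positions, not something taken from the thread).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL_FLAGS = sum(TCP_FLAGS.values())


def parse_flag_list(spec: str) -> int:
    """Turn a comma-separated flag list in the man page's syntax into a bitmask.
    ALL and NONE are accepted as the man page documents them."""
    bits = 0
    for name in spec.split(","):
        name = name.strip().upper()
        if name == "ALL":
            bits |= ALL_FLAGS
        elif name == "NONE":
            continue
        elif name in TCP_FLAGS:
            bits |= TCP_FLAGS[name]
        else:
            raise ValueError(f"unknown TCP flag {name!r}")
    return bits


def tcp_flags_match(mask_spec: str, comp_spec: str, packet_flags: int, negate: bool = False) -> bool:
    """Semantics of '--tcp-flags [!] mask comp' for one packet's flag byte."""
    mask = parse_flag_list(mask_spec)
    comp = parse_flag_list(comp_spec)
    # A comp bit outside the mask can never be satisfied; the comparison
    # below simply never becomes true for such a rule.
    matched = (packet_flags & mask) == comp
    return matched != negate


def first_match_verdict(rules, packet_flags: int, default: str = "ACCEPT") -> str:
    """Walk a chain of (mask, comp, negate, target) entries the way a netfilter
    chain does: the first rule whose match succeeds decides the verdict."""
    for mask_spec, comp_spec, negate, target in rules:
        if tcp_flags_match(mask_spec, comp_spec, packet_flags, negate):
            return target
    return default


def render_rule(chain: str, mask_spec: str, comp_spec: str, negate: bool, target: str) -> str:
    """Render one chain entry as an iptables command line, using the
    '--tcp-flags [!] mask comp' placement shown in the quoted man page
    (newer iptables releases write the '!' before the option name)."""
    neg = "! " if negate else ""
    return f"iptables -A {chain} -p tcp --tcp-flags {neg}{mask_spec} {comp_spec} -j {target}"


# Constructed chain for the situation in the thread: drop new inbound
# connection attempts on the external interface (SYN set, ACK/FIN/RST clear,
# the same condition as the man page's example) while letting the flag
# combinations of sessions the inside opened pass. The ALL/NONE rule drops
# segments carrying no flags at all, which no legitimate TCP stack sends.
EXTERNAL_INPUT_CHAIN = [
    ("ALL", "NONE", False, "DROP"),
    ("SYN,ACK,FIN,RST", "SYN", False, "DROP"),
]

# Constructed sample packets, named by what they would be in a real session.
SAMPLE_PACKETS = {
    "syn (new inbound connection attempt)": "SYN",
    "syn-ack (reply to a connection we opened)": "SYN,ACK",
    "ack (established session)": "ACK",
    "psh-ack (data on an established session)": "PSH,ACK",
    "fin-ack (orderly close)": "FIN,ACK",
    "rst (abort)": "RST",
    "null (no flags set)": "NONE",
}


def classify_samples() -> dict:
    """Verdict of the example chain for each constructed sample packet."""
    return {
        name: first_match_verdict(EXTERNAL_INPUT_CHAIN, parse_flag_list(spec))
        for name, spec in SAMPLE_PACKETS.items()
    }


if __name__ == "__main__":
    for entry in EXTERNAL_INPUT_CHAIN:
        print(render_rule("INPUT", *entry))
    for name, verdict in classify_samples().items():
        print(f"{verdict:7} {name}")
```

Running the script prints the two rules as iptables command lines and then the verdict for each sample: only the lone SYN and the flagless segment are dropped; SYN+ACK, ACK, PSH+ACK, FIN+ACK and RST, the combinations Darich needed to keep his users' outbound sessions working, fall through to the ACCEPT default.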

