From: Jason Opperisano <opie@817west.com>
To: Netfilter-Mailinglist <netfilter@lists.netfilter.org>
Subject: Re: question about --tcp-flags
Date: Thu, 2 Dec 2004 18:11:55 -0500
Message-ID: <20041202231155.GA6712@bender.817west.com>
In-Reply-To: <41AF9255.4040408@lopsch.com>

On Thu, Dec 02, 2004 at 11:08:21PM +0100, Lopsch wrote:
> I only want to know how iptables uses this option. For example 
> --tcp-flags SYN,ACK,RST SYN  how is it then used? Am I right that the 
> flags SYN,ACK,RST are inspected and only the SYN flag is allowed to be 
> set?

yes.  "--tcp-flags SYN,ACK,RST SYN" means:

out of the flags SYN, ACK, RST:

  SYN is set
  ACK is not set
  RST is not set

the flags FIN, URG, PSH are not examined and may be either set or not
set.

> Or is it so that SYN,ACK,RST are inspected and the SYN flag must be 
> set but the others are optional, so that all can be set but only SYN has 
> to be set? I'm a little confused :). And another question: what flag 
> combos are allowed/not allowed? I only know about a few, so SYN,RST set is 
> an illegal set, also SYN,FIN. Or SYN,ACK when initiating a connection.

i've seen this list pop up here and there:

  http://www.stearns.org/modwall/sample/tcpchk-sample

seems pretty complete to me.

the most common ones you see people creating DROP rules for are:

  ALL		ALL
  ALL		NONE
  SYN,FIN	SYN,FIN
  ALL		FIN,URG,PSH
  SYN,RST 	SYN,RST
  FIN,RST 	FIN,RST
  FIN,ACK 	FIN

-j

--
"I have been shot eight times this year, and as a result, I almost
 missed work."
        --The Simpsons
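The mask/compare semantics Jason describes, and the seven DROP pairs he lists, as an added worked example (this is not code from the mail, from iptables or from netfilter). It models the match the way the kernel evaluates it, `(packet_flags & MASK) == COMP`, using the standard TCP flag bit values, and runs a handful of constructed sample packets through the rule list to show which ones would be dropped and which normal traffic passes untouched. The sample packets and the helper names are this example's own.

```python
# Model of the iptables "--tcp-flags MASK COMP" match.
# Added illustration only; not part of the original mail, iptables or netfilter.
# All sample packets below are constructed for this example.

# Bit values of the flags byte (byte 13) of the TCP header.
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL_FLAGS = 0x3F  # iptables "ALL" = SYN,ACK,FIN,RST,URG,PSH


def parse_flag_list(spec):
    """Turn 'SYN,ACK,RST', 'ALL' or 'NONE' into a 6-bit integer."""
    spec = spec.strip().upper()
    if spec == "ALL":
        return ALL_FLAGS
    if spec == "NONE":
        return 0
    value = 0
    for name in spec.split(","):
        value |= TCP_FLAGS[name]  # KeyError on an unknown flag name
    return value


def tcp_flags_match(packet_flags, mask, comp):
    """--tcp-flags MASK COMP: look only at the bits named in MASK; of
    those, exactly the bits in COMP must be set.  Bits outside MASK are
    ignored, which is why FIN/URG/PSH don't matter for SYN,ACK,RST SYN."""
    return (packet_flags & mask) == comp


def matches(packet_flags, mask_spec, comp_spec):
    """Convenience wrapper taking the textual iptables flag lists."""
    return tcp_flags_match(packet_flags,
                           parse_flag_list(mask_spec),
                           parse_flag_list(comp_spec))


def flags_from_tcp_header(header):
    """Extract the six classic flag bits from a raw TCP header (>= 14 bytes)."""
    return header[13] & ALL_FLAGS


# The seven MASK/COMP pairs from the mail, in the order given there.
COMMON_DROP_RULES = [
    ("ALL", "ALL"),
    ("ALL", "NONE"),
    ("SYN,FIN", "SYN,FIN"),
    ("ALL", "FIN,URG,PSH"),
    ("SYN,RST", "SYN,RST"),
    ("FIN,RST", "FIN,RST"),
    ("FIN,ACK", "FIN"),
]


def first_matching_rule(packet_flags, rules=COMMON_DROP_RULES):
    """Return the (mask, comp) pair of the first DROP rule hit, or None
    if the packet would fall through all of them (i.e. is not dropped)."""
    for mask_spec, comp_spec in rules:
        if matches(packet_flags, mask_spec, comp_spec):
            return (mask_spec, comp_spec)
    return None


if __name__ == "__main__":
    # Constructed sample flag bytes, labelled by what they would be on the wire.
    samples = {
        "plain SYN (new connection)": 0x02,
        "SYN+PSH (SYN with a flag outside the mask)": 0x0A,
        "SYN+ACK (handshake reply)": 0x12,
        "ACK+PSH (data segment)": 0x18,
        "FIN+ACK (normal close)": 0x11,
        "no flags at all": 0x00,
        "every flag set": 0x3F,
        "FIN alone": 0x01,
        "SYN+FIN": 0x03,
        "SYN+RST": 0x06,
        "FIN+URG+PSH": 0x29,
    }
    print("--tcp-flags SYN,ACK,RST SYN:")
    for label, flags in samples.items():
        print(f"  {label:45s} -> {matches(flags, 'SYN,ACK,RST', 'SYN')}")
    print("\ncommon DROP rules:")
    for label, flags in samples.items():
        hit = first_matching_rule(flags)
        print(f"  {label:45s} -> {'DROP by ' + str(hit) if hit else 'passes'}")

    # A constructed 20-byte TCP header: ports, seq, ack, then offset byte
    # 0x50 and flags byte 0x12 (SYN+ACK), window, checksum, urgent pointer.
    header = bytes.fromhex("0050 c0de 00000001 00000002 50 12 ffff 0000 0000")
    print("\nflags from raw header:", hex(flags_from_tcp_header(header)))
```

The point the table makes is visible in the output: every legitimate segment in the sample set (SYN, SYN+ACK, ACK+PSH, FIN+ACK) falls through all seven rules, while the combinations a real stack never emits each hit exactly one of them. Note also the `FIN,ACK FIN` entry, which drops a bare FIN but leaves a normal FIN+ACK close alone, because ACK is inside the mask and must therefore be clear for the rule to fire.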

