Re: valid INPUT/OUTPUT rule piece?--> '-p tcp --tcp-flags ACK, FIN FIN -j DROP', etc.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jason Opperisano <opie@817west.com>
To: netfilter@lists.netfilter.org
Subject: Re: valid INPUT/OUTPUT rule piece?--> '-p tcp --tcp-flags ACK, FIN FIN -j DROP', etc.
Date: Mon, 31 Jan 2005 16:04:38 -0500	[thread overview]
Message-ID: <20050131210438.GA26076@bender.817west.com> (raw)
In-Reply-To: <20050131204217.GG2880@spawar.navy.mil>

On Mon, Jan 31, 2005 at 12:42:17PM -0800, seberino@spawar.navy.mil wrote:
> Thanks for your 2 links.  I really did read both of them carefully.
> They explained SYN, ACK and FIN but not URG, PSH and RST.
> Do you have another great link to explain these last 3 flags? :)

yeah--they're all within "The TCP/IP Guide" which I linked to;
specifically:

PSH:
http://www.tcpipguide.com/free/t_TCPImmediateDataTransferPushFunction.htm

URG:
http://www.tcpipguide.com/free/t_TCPPriorityDataTransferUrgentFunction.htm

RST:
http://www.tcpipguide.com/free/t_TCPConnectionManagementandProblemHandlingtheConnec.htm

you can also read some/all of RFC 793--TRANSMISSION CONTROL PROTOCOL:

http://www.faqs.org/rfcs/rfc793.html

specifically--the section on page 35 titled "Reset Generation" explains
all three states that would lead to the generation of a RST packet, and
all three specify the calculation of an acknowledgment number, whether
the packet that leads to the state had the ACK bit set or not.

this plus observation of real OS's in the real world sending real RST
packets leads me to believe that a real RST packet should have the ACK
bit set.  note; however, that more often than not--i have been proven
to be wrong on these types of things--so take what i say with a grain
of salt.

-j

--
"When will I learn? The answer to life's problems aren't at the bottom
 of a bottle, they're on TV!"
        --The Simpsons

     prev parent reply	other threads:[~2005-01-31 21:04 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-01-26  0:18 valid INPUT/OUTPUT rule piece?--> '-p tcp --tcp-flags ACK, FIN FIN -j DROP', etc seberino
2005-01-26  0:37 ` Lopsch
2005-01-26  5:26   ` seberino
2005-01-26 19:08     ` Jason Opperisano
2005-01-26 19:40       ` seberino
2005-01-31 20:42       ` seberino
2005-01-31 21:04         ` Jason Opperisano [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20050131210438.GA26076@bender.817west.com \
    --to=opie@817west.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.