From: "John A. Sullivan III" <john.sullivan@nexusmgmt.com>
To: mafioso1823@contourmediagroup.com
Cc: netfilter@lists.netfilter.org
Subject: Re: Newbie Question
Date: Tue, 08 Jun 2004 07:09:53 -0400
Message-ID: <1086692992.23830.6.camel@localhost>
In-Reply-To: <MOEOICEDMOAKAHOICANFCEOGEBAA.mafioso1823@contourmediagroup.com>
On Tue, 2004-06-08 at 00:16, mafioso1823@contourmediagroup.com wrote:
> I am trying to use this piece of code that I found in my rc.firewall script,
> but it doesn't seem to want to take it. Can anyone tell me why or how I can
> get this to work?
>
> #The Mangle portion of the ruleset. Here is where unwanted packet types get
> dropped.
> #This helps in making port scans against your server a bit more time
> consuming and difficult, but not impossible.
> *mangle
> :PREROUTING ACCEPT [444:43563]
> :INPUT ACCEPT [444:43563]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [402:144198]
> :POSTROUTING ACCEPT [402:144198]
> -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG
> FIN,PSH,URG -j DROP
> -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
> -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
> -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
> -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG
> FIN,PSH,URG -j DROP
> -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
> -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
> -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
> -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG
> FIN,PSH,URG -j DROP
> -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
> -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
> -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
> -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG
> FIN,PSH,URG -j DROP
> -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
> -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
> -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
> COMMIT
Hmm . . . loaded fine for me -- I assume the word wrapping on the long
lines was caused by your e-mail editor and does not exist in your file.
What happens when you try to load it?
--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net
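
The wrapping question raised in the reply can be checked before loading. The following is an added example, not part of the original thread: a small lint that reports lines a mail client or editor has wrapped in an iptables-save style file. The function name `lint_ruleset` and the sample text are constructed for illustration, and the lint assumes the file uses only comments, `*table`, `:chain`, `-A`/`-I` rules and `COMMIT`.

```python
import re

# Constructed sample: part of the quoted mangle table, wrapped at the same
# places the mail client wrapped it. Not a file taken from the thread.
SAMPLE = """\
#The Mangle portion of the ruleset. Here is where unwanted packet types get
dropped.
*mangle
:PREROUTING ACCEPT [444:43563]
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG
FIN,PSH,URG -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
COMMIT
"""

CHAIN_DECL = re.compile(r"^:\S+\s+\S+(\s+\[\d+:\d+\])?$")
RULE = re.compile(r"^(\[\d+:\d+\]\s+)?-[AI]\s+\S+")

def lint_ruleset(text):
    """Return [(line_number, problem)] for an iptables-save style ruleset."""
    problems, table = [], None
    lines = text.splitlines()
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            table = line[1:]
        elif line == "COMMIT":
            if table is None:
                problems.append((n, "COMMIT without a *table line"))
            table = None
        elif CHAIN_DECL.match(line) or RULE.match(line):
            if table is None:
                problems.append((n, "chain or rule outside a *table section"))
            tokens = line.split()
            if "--tcp-flags" in tokens:
                # --tcp-flags takes two arguments: the mask, then the flags that must be set
                args = tokens[tokens.index("--tcp-flags") + 1:][:2]
                if len(args) < 2 or any(a.startswith("-") for a in args):
                    problems.append((n, "--tcp-flags needs a mask and a flag list"))
        else:
            problems.append((n, "not a comment, table, chain, rule or COMMIT line"))
    if table is not None:
        problems.append((len(lines), "table %s has no COMMIT" % table))
    return problems

if __name__ == "__main__":
    print("\n".join("line %d: %s" % p for p in lint_ruleset(SAMPLE)))
```

On a host with iptables installed, `iptables-restore --test < file` parses the ruleset without committing it and reports the first line it rejects.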