Re: IPtables Question II: `Hostile' Flags
Sorry, I missed the previous mails in this discussion.
If you have a stateful firewall, shouldn't this be sufficient:
# --syn is shorthand for --tcp-flags SYN,RST,ACK,FIN SYN, so "! --syn"
# matches any TCP packet that is not a plain SYN
$IPTABLES -A ch_tcp -p TCP -i $INET_IFACE \! --syn \
    -m state --state NEW -j ch_bad
(ch_bad logs in warning level and drops the packet)
But I remember that when I tested it with nmap, some types of stealth scan
(only NULL?) didn't show up in the logs... I also have this rule:
# --tcp-flags ALL NONE: examine all six flag bits, match only when none is set
$IPTABLES -A ch_tcp -p TCP -i $INET_IFACE --tcp-flags ALL NONE \
    -m state --state NEW -j ch_bad
Regards,
--
Adriano
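The flag tests of the two rules in the mail above, modelled in Python as an added example (this is not code from Adriano's mail or from iptables). It reproduces the `--tcp-flags MASK COMP` semantics and the `--syn` shorthand as the iptables manual defines them, and runs both tests over the flag combinations nmap's manual documents for its TCP scan types; the probe labels, rule labels and function names are the example's own. The `-m state --state NEW` half of each rule is deliberately left out: what conntrack reports for a packet with no flags set is a kernel question, not a flag-bit question, and this model only answers the latter.

```python
from typing import Dict, List, Optional

# TCP flag bits under the names iptables uses (the six flags --tcp-flags knows).
TCP_FLAGS: Dict[str, int] = {
    "FIN": 0x01, "SYN": 0x02, "RST": 0x04,
    "PSH": 0x08, "ACK": 0x10, "URG": 0x20,
}
ALL_MASK = 0x3F   # iptables keyword ALL
NONE_MASK = 0x00  # iptables keyword NONE


def parse_flags(spec: str) -> int:
    """Convert an iptables flag list ('SYN,ACK', 'ALL', 'NONE') to a bitmask."""
    spec = spec.strip().upper()
    if spec == "ALL":
        return ALL_MASK
    if spec == "NONE":
        return NONE_MASK
    mask = 0
    for name in spec.split(","):
        mask |= TCP_FLAGS[name]   # an unknown flag name raises, as iptables rejects it
    return mask


def flags_to_str(flags: int) -> str:
    """Readable flag list for a bitmask ('NONE' when no bit is set)."""
    names = [n for n, bit in TCP_FLAGS.items() if flags & bit]
    return ",".join(names) if names else "NONE"


def tcp_flags_match(packet_flags: int, mask: str, comp: str, negate: bool = False) -> bool:
    """iptables `[!] --tcp-flags MASK COMP`: look only at the MASK bits and
    match when exactly the COMP bits are set among them."""
    hit = (packet_flags & parse_flags(mask)) == parse_flags(comp)
    return not hit if negate else hit


def syn_match(packet_flags: int, negate: bool = False) -> bool:
    """iptables `[!] --syn`, the manual's shorthand for
    `--tcp-flags SYN,RST,ACK,FIN SYN` (SYN set, ACK/RST/FIN clear)."""
    return tcp_flags_match(packet_flags, "SYN,RST,ACK,FIN", "SYN", negate)


# Flag tests of the two rules from the mail, in chain order. Labels are the
# example's own; the -m state --state NEW match is intentionally not modelled.
RULES = [
    ("! --syn",              lambda f: syn_match(f, negate=True)),
    ("--tcp-flags ALL NONE", lambda f: tcp_flags_match(f, "ALL", "NONE")),
]

# Flag combinations nmap's manual documents for its TCP scan types
# (constructed sample input for this example; labels are nmap's option letters).
NMAP_PROBES: Dict[str, int] = {
    "-sS SYN scan":    parse_flags("SYN"),
    "-sA ACK scan":    parse_flags("ACK"),
    "-sN NULL scan":   parse_flags("NONE"),
    "-sF FIN scan":    parse_flags("FIN"),
    "-sX Xmas scan":   parse_flags("FIN,PSH,URG"),
    "-sM Maimon scan": parse_flags("FIN,ACK"),
}


def matching_rules(packet_flags: int) -> List[str]:
    """Labels of every rule whose flag test hits this packet, in chain order."""
    return [label for label, test in RULES if test(packet_flags)]


def first_hit(packet_flags: int) -> Optional[str]:
    """The rule that would actually fire: the first match jumps to ch_bad,
    which drops, so later rules never see the packet. None for a plain SYN."""
    hits = matching_rules(packet_flags)
    return hits[0] if hits else None


if __name__ == "__main__":
    for name, flags in NMAP_PROBES.items():
        print(f"{name:16} flags={flags_to_str(flags):12} "
              f"fires={first_hit(flags)!r:24} all hits={matching_rules(flags)}")
```

Running it shows that the flag test of `! --syn` on its own already hits every non-SYN probe, the flagless NULL probe included, so the `--tcp-flags ALL NONE` rule never sees a packet that the first rule's flag test would have let through. Any difference between the two rules in the logs therefore has to come from the `-m state --state NEW` part, which this model does not cover.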