[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

bad_tcp_packets question


In the example from Oskar Andreasson's tutorial, the bad_tcp_packets 
rules filter out NEW packets which have no SYN flag set.

$IPTABLES -N bad_tcp_packets
$IPTABLES -A bad_tcp_packets -p tcp --tcp-flags SYN,ACK SYN,ACK -m 
state --state NEW -j REJECT --reject-with tcp-reset

When I use i.e. Kazaa from a desktop with socks5, the firewall created 
a lot of log messages concerning new-not-syn packets. After a bit of 
experimenting I could bring back 90% of these messages using the 
following rule inserted at the top of bad_tcp_packets:

$IPTABLES -A bad_tcp_packets -p tcp -m state --state ESTABLISHED, 

The packets get handled by the rules for socks (danted) and if not get 
logged and then dropped. 

My question now is, does this rule geopardize the safety of this 
firewall box ... I don't think it could or should but it couldn't 
hurt to ask some expert opinions.

Remy Cool

Reply to: