In the example from Oskar Andreasson's tutorial, the bad_tcp_packets
rules filter out NEW packets which have no SYN flag set.
$IPTABLES -N bad_tcp_packets
$IPTABLES -A bad_tcp_packets -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset
When I use e.g. Kazaa from a desktop with socks5, the firewall created
a lot of log messages concerning new-not-syn packets. After a bit of
experimenting I could bring back 90% of these messages using the
following rule inserted at the top of bad_tcp_packets:
$IPTABLES -A bad_tcp_packets -p tcp -m state --state ESTABLISHED,RELATED -j RETURN
The packets get handled by the rules for socks (danted) and, if not, get
logged and then dropped.
My question now is, does this rule jeopardize the safety of this
firewall box ... I don't think it could or should but it couldn't
hurt to ask some expert opinions.