iptables --tcp-option ! 2

To: <debian-firewall@lists.debian.org>
Subject: iptables --tcp-option ! 2
From: "Doug" <SupportList@dougtheslug.ca>
Date: Tue, 23 Aug 2005 16:44:02 -0700
Message-id: <[🔎] 01b801c5a83c$8acd1f50$1800a8c0@xp2800>

I keep seeing this in firewall scripts on the net, but I am unable to find an explanation or listing/table of
tcp-options.
The command in question is the following

iptables -A INPUT -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset

Why are [we] only allowing tcp-options of 2?  what are tcp packets with option 2?  what are the other options, and why
do we not want them?

I'm sure it's safe, and likely a good idea to have in, given the number of tutorials that have it in, but I just dislike
the idea of having something in my to be firewall script that I have little understanding of.

thanks in advance!
-rp

Reply to:

Follow-Ups:
- Re: iptables --tcp-option ! 2
  - From: Bernd Eckenfels <lists@lina.inka.de>
- Re: iptables --tcp-option ! 2
  - From: Daniel Pittman <daniel@rimspace.net>

Prev by Date: Re: shaping a little (only some files)
Next by Date: Re: iptables --tcp-option ! 2
Previous by thread: Re: shaping a little (only some files)
Next by thread: Re: iptables --tcp-option ! 2
Index(es):
- Date
- Thread