Please do not CC me on list replies. It's in the header, it's in my signature, it's in the list policy.

also sprach Baruch Even <baruch@ev-en.org> [2004.11.05.1229 +0100]:
> This comes from the fact that the NEW state of Netfilter only
> means that this is the first time this connection is seen by the
> firewall. What you really want is the connection to be NEW and
> a valid connection opening, so you check the SYN flag too.

Why do you care about the connection being NEW? I am not challenging, I just can't figure out an attack scenario that could exploit the fact that I only check for --syn.

> A former e-mail of mine explains why the --tcp-flags ALL SYN check
> is a bad idea.

You say to use "RST,ACK,FIN,SYN SYN" which makes sense. If you use --syn and iptables-save, "RST,ACK,SYN SYN" is stored, so this is what --syn seems to mean. Why does --syn not set FIN in the mask?

-- 
Please do not send copies of list mail to me; I read the list!
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, user, and author
`. `'`
  `-  Debian - when you have better things to do than fixing a system

Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
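The exchange above turns on what `--tcp-flags MASK COMP` actually tests: of the flag bits named in MASK, exactly those named in COMP must be set. The following is an added example, not code from the thread or from the Netfilter project: a pure-shell model of that match, run over a few constructed flag sets, so the difference between `ALL SYN` and `FIN,SYN,RST,ACK SYN` can be seen without root or iptables. The packet flag strings and the function names are constructed for the demonstration. Two facts it relies on: an ECN-setup SYN (RFC 3168) carries SYN plus ECE and CWR, so a mask of `ALL` rejects it while the narrower mask accepts it; and current iptables(8) documents `--syn` as equivalent to `--tcp-flags FIN,SYN,RST,ACK SYN`. The mid-stream ACK is included because, with Netfilter's default loose TCP pickup, conntrack can create a NEW entry for such a packet, which is why `--state NEW` on its own does not guarantee a connection opening.

```shell
#!/bin/sh
# Added example: pure-shell model of the iptables --tcp-flags MASK COMP match.
# Packets below are constructed flag sets, not captured traffic.

# Map a TCP flag name to its bit in the flags byte (RFC 793, RFC 3168).
flag_bit() {
  case "$1" in
    FIN) echo 1 ;;   SYN) echo 2 ;;   RST) echo 4 ;;    PSH) echo 8 ;;
    ACK) echo 16 ;;  URG) echo 32 ;;  ECE) echo 64 ;;   CWR) echo 128 ;;
    ALL) echo 255 ;; NONE) echo 0 ;;
    *) echo "unknown flag: $1" >&2; return 1 ;;
  esac
}

# Convert a comma-separated list such as "FIN,SYN,RST,ACK" into a bitmask.
flags_to_mask() {
  mask=0
  for name in $(printf '%s' "$1" | tr ',' ' '); do
    bit=$(flag_bit "$name") || return 1
    mask=$((mask | bit))
  done
  echo "$mask"
}

# tcp_flags_match MASK COMP PKTFLAGS
# Of the bits named in MASK, exactly those named in COMP must be set in the
# packet. Exit status 0 on match, 1 on no match, 2 on a bad flag name.
tcp_flags_match() {
  mask=$(flags_to_mask "$1") || return 2
  comp=$(flags_to_mask "$2") || return 2
  pkt=$(flags_to_mask "$3") || return 2
  [ $((pkt & mask)) -eq "$comp" ]
}

# --syn as documented in current iptables(8): --tcp-flags FIN,SYN,RST,ACK SYN
syn_match() { tcp_flags_match "FIN,SYN,RST,ACK" "SYN" "$1"; }

# Constructed packets, written the way a sniffer would print their flags.
plain_syn="SYN"
ecn_syn="SYN,ECE,CWR"   # ECN-setup SYN: a legitimate connection opening
syn_ack="SYN,ACK"       # second step of the handshake, not an opening
midstream_ack="ACK"     # can still become NEW under loose conntrack pickup

verdict() { "$@" && echo match || echo no; }

for pkt in "$plain_syn" "$ecn_syn" "$syn_ack" "$midstream_ack"; do
  printf '%-12s  ALL SYN: %-5s  FIN,SYN,RST,ACK SYN: %s\n' "$pkt" \
    "$(verdict tcp_flags_match ALL SYN "$pkt")" \
    "$(verdict tcp_flags_match FIN,SYN,RST,ACK SYN "$pkt")"
done
```

Running it shows `ALL SYN` matching only the bare SYN and refusing the ECN-setup SYN, while the `FIN,SYN,RST,ACK` mask accepts both openings and still rejects the SYN-ACK and the bare ACK; PSH, URG, ECE and CWR are simply not examined by the narrower mask, which is the point of leaving them out.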