
Re: TCP SYN packets which have the FIN flag set.



On Fri, 2004-11-05 at 17:13, George Georgalis wrote:
> On Fri, Nov 05, 2004 at 03:04:34PM +0000, Baruch Even wrote:
> 
> >ESTABLISHED,RELATED
> >NEW
> >INVALID
> >pick two to cover the spectrum of attacks.
> 
> Why not all three in this order...
> 
> INVALID -j REJECT 
> ESTABLISHED,RELATED -j ACCEPT
> NEW -j ACCEPT (if allowed)

If you checked INVALID and ESTABLISHED, the rest has to be NEW. You can
check it if you want for completeness, you can avoid checking it to save
a few bits compared.

Baruch
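
The ordering discussed in this thread, written out as an `iptables-restore` ruleset. This is an added example, not part of either poster's message; the DROP policy, the loopback rule and the allowed service (tcp/22) are assumptions.

```iptables
# Added example, load with: iptables-restore < this-file
# Assumptions: default-deny INPUT policy, one allowed service on tcp/22.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Local traffic, outside the state discussion.
-A INPUT -i lo -j ACCEPT

# The thread's subject: SYN and FIN set in the same segment. Matched
# explicitly so the outcome does not depend on how the connection
# tracker classifies such a packet.
-A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP

# 1. INVALID first, so nothing the tracker could not classify can
#    reach an ACCEPT rule further down.
-A INPUT -m state --state INVALID -j REJECT

# 2. Packets belonging to, or related to, a tracked connection.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# 3. Whatever reaches this point was not matched as INVALID,
#    ESTABLISHED or RELATED. The NEW match is written out for
#    readability; --syn additionally requires that a new TCP
#    connection starts with a plain SYN, which NEW alone does not.
-A INPUT -p tcp --dport 22 --syn -m state --state NEW -j ACCEPT

# Everything else falls through to the DROP policy.
COMMIT
```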


