Linux Help
guides forums blogs
Home Desktops Distributions ISO Images Logos Newbies Reviews Software Support & Resources Linuxhelp Wiki

Welcome Guest ( Log In | Register )



Advanced DNS Management
New ZoneEdit. New Managment.

FREE DNS Is Back

Sign Up Now
 
Reply to this topicStart new topic
> Linux Iptables, Linux Ip Tables command with TCPFlags
Linuxkid
post Sep 30 2004, 12:57 AM
Post #1


Whats this Lie-nix Thing?
*

Group: Members
Posts: 1
Joined: 30-September 04
Member No.: 3,865



I had encounter this part of firewall script. But I dunno wat does it means. Can anyone out there can help me to interprete it. Please I need it urgently.

# These are all TCP flag combinations that should never, ever, occur in the
# wild. All of these are illegal combinations that are used to attack a box
# in various ways.
$IPTABLES -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j tcpflags
$IPTABLES -A INPUT -p tcp --tcp-flags ALL ALL -j tcpflags
$IPTABLES -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j tcpflags
$IPTABLES -A INPUT -p tcp --tcp-flags ALL NONE -j tcpflags
$IPTABLES -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j tcpflags
$IPTABLES -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j tcpflags
Go to the top of the page
 
+Quote Post
Is_907
post Sep 30 2004, 08:50 AM
Post #2


Whats this Lie-nix Thing?
*

Group: Members
Posts: 10
Joined: 29-September 04
Member No.: 3,860



i don't know much about iptables but... what is this file? is this all of it?
also what distro are you running? (it's usually standard practice to tell everyone what distro and version you're running when asking for help)
Go to the top of the page
 
+Quote Post
dishawjp
post Oct 1 2004, 10:13 AM
Post #3


./configure
***

Group: Members
Posts: 56
Joined: 8-April 04
Member No.: 2,734



Linuxkid,

Those are just a few of the very standard iptables rules. Iptables is your firewall program. Rules can be added (by root) to tell the kernel how to deal with packets sent to your machine. The command "iptables -L" will list all of your current rules.

The man page for iptables is pretty good and will help explain what these rules specify, and can be accessed by typing "man iptables"

This particular set of rules is protecting your computer from specific types of invalid tcp packets you could be exposed to.

HTH,

Jim Dishaw


--------------------
Registered Linux User 294493
Go to the top of the page
 
+Quote Post
hughesjr
post Oct 4 2004, 05:39 AM
Post #4


Its GNU/Linuxhelp.net
*******

Group: Admin
Posts: 3,433
Joined: 25-July 03
From: Corpus Chrsiti, TX, USA
Member No.: 1,151



The -j tcpflags means that somewhere where else, that action is defined ... probably to log the information, then DROP it.

Lots of firewall scripts DROP those combinations to prevent attacks.

Take a look at this:
http://lists.debian.org/debian-firewall/20...0/msg00075.html

I personally use this firewall script, which doesn't block bad flags, but bad flags are a valid concern.


--------------------
Johnny Hughes
hughesjr@linuxhelp.net
Enterprise Alternatives: CentOS, WhiteBoxEL
Favorite Workstation Distros (in order): CentOS, Gentoo, Debian Sarge, Ubuntu, Mandrake, FedoraCore, Slackware, SUSE
Favorite Server Distros (in order): CentOS, WhiteBoxEL, Debian Sarge, Slackware, Mandrake, FedoraCore, Gentoo, SUSE
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



RSS Lo-Fi Version Time is now: 23rd October 2017 - 08:42 AM