Help - Search - Members - Calendar
Full Version: Linux Iptables
Linuxhelp > Support > Technical Support
I had encounter this part of firewall script. But I dunno wat does it means. Can anyone out there can help me to interprete it. Please I need it urgently.

# These are all TCP flag combinations that should never, ever, occur in the
# wild. All of these are illegal combinations that are used to attack a box
# in various ways.
$IPTABLES -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j tcpflags
$IPTABLES -A INPUT -p tcp --tcp-flags ALL ALL -j tcpflags
$IPTABLES -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j tcpflags
$IPTABLES -A INPUT -p tcp --tcp-flags ALL NONE -j tcpflags
$IPTABLES -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j tcpflags
$IPTABLES -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j tcpflags
i don't know much about iptables but... what is this file? is this all of it?
also what distro are you running? (it's usually standard practice to tell everyone what distro and version you're running when asking for help)

Those are just a few of the very standard iptables rules. Iptables is your firewall program. Rules can be added (by root) to tell the kernel how to deal with packets sent to your machine. The command "iptables -L" will list all of your current rules.

The man page for iptables is pretty good and will help explain what these rules specify, and can be accessed by typing "man iptables"

This particular set of rules is protecting your computer from specific types of invalid tcp packets you could be exposed to.


Jim Dishaw
The -j tcpflags means that somewhere where else, that action is defined ... probably to log the information, then DROP it.

Lots of firewall scripts DROP those combinations to prevent attacks.

Take a look at this:

I personally use this firewall script, which doesn't block bad flags, but bad flags are a valid concern.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2018 Invision Power Services, Inc.