On Thu, Nov 04, 2004 at 06:48:29PM +0100, Luis Pérez Meliá wrote:
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Doesn't match any packets which have the SYN flag set.

> iptables -A INPUT -m state --state NEW -p tcp --tcp-flags ALL SYN -j ACCEPT
                                                  ^^^^^^^^^^^^^^^^^

Matches SYN packets which have all the other flags unset. So no problem here.

The packet filtering code in kernels 2.4.x 2.6.x should not exhibit the
behavior Nessus found, unless badly configured. In other words, the problem
might lie somewhere in Your iptables configuration/scripts. Using some
higher-level firewall configuration utility might be an option?

You may want to run Nessus with greater verbosity enabled, if that's
possible, and/or use tcpdump(8) to discover what's really going on the wire.
Ethereal seems to be quite a good tool if You're not that proficient in
TCP/IP and the rather cryptic tcpdump output.

HTH,
--
Jan
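
The `--tcp-flags ALL SYN` test quoted in the message above, modelled in Python as an added example (not part of the original e-mail): the TCP flags byte is masked with the six bits iptables calls ALL and the result is compared with SYN. The function names and the sample headers are constructed for illustration.

```python
# Added illustration: models the iptables "--tcp-flags <mask> <comp>" comparison.
import struct

# Flag bits as named by the iptables tcp match; ALL covers these six bits only.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
FLAGS["ALL"] = 0x3F
FLAGS["NONE"] = 0x00
ECE, CWR = 0x40, 0x80  # ECN bits in the same header byte, outside the ALL mask


def parse_flag_list(spec):
    """Turn a comma-separated list such as 'SYN,ACK' or 'ALL' into a bitmask."""
    bits = 0
    for name in spec.split(","):
        bits |= FLAGS[name.strip().upper()]
    return bits


def tcp_flags_from_header(header):
    """Return the flags byte (offset 13) of a raw TCP header."""
    if len(header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    return header[13]


def matches(header, mask_spec, comp_spec):
    """True when the flags selected by the mask are exactly the flags in comp."""
    mask = parse_flag_list(mask_spec)
    comp = parse_flag_list(comp_spec)
    return (tcp_flags_from_header(header) & mask) == comp


def build_header(flags):
    """Constructed sample: minimal 20-byte TCP header with arbitrary ports."""
    return struct.pack("!HHIIBBHHH", 40000, 22, 1, 0, 5 << 4, flags, 65535, 0, 0)


# Constructed flag combinations a scanner or a normal client might send.
SAMPLES = {"SYN": 0x02, "SYN+ACK": 0x12, "SYN+FIN": 0x03, "NULL": 0x00,
           "XMAS": 0x29, "SYN+ECE+CWR": 0x02 | ECE | CWR}


def evaluate(mask_spec="ALL", comp_spec="SYN"):
    """Map each sample name to whether the rule's flag test would match it."""
    return {n: matches(build_header(f), mask_spec, comp_spec) for n, f in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in evaluate().items():
        print(f"{name:12s} {'match' if hit else 'no match'}")
```

A SYN that also carries the ECN bits (ECE, CWR) still matches, because ALL covers only FIN, SYN, RST, PSH, ACK and URG.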