# Is the explanation for these because SYN starts a
# connection and it doesn't make sense to reset (RST)
# or terminate (FIN) at the same time you're initiating (SYN)???
Yes
--tcp-flags SYN,RST SYN,RST -j DROP
--tcp-flags SYN,FIN SYN,FIN -j DROP
# Is this obvious in that you can't finish (FIN) and
# reset (RST) at the same time?
Yes
--tcp-flags FIN,RST FIN,RST -j DROP
# Can these be explained by simple fact that *ALL* packets
# must have ACK set after connection established?? Is that right?
Not sure about that one
# (if yes, could we add 'ACK,RST RST' to drop list as well?)
Don't know
--tcp-flags ACK,FIN FIN -j DROP
--tcp-flags ACK,PSH PSH -j DROP
--tcp-flags ACK,URG URG -j DROP
-- Michael O'Keefe
-- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
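Added example, not part of the original post or its reply: a small Python model of how iptables evaluates `--tcp-flags <mask> <comp>` (of the flags named in the mask, exactly those in comp must be set), run over the six DROP rules quoted above and the proposed 'ACK,RST RST' rule. The flag combinations in SAMPLES are constructed, and the helper names (bits, tcp_flags_match, first_drop) belong to this example only.

```python
# Model of the iptables "--tcp-flags <mask> <comp>" match (added example).
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
         "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def bits(names):
    """Turn a list such as 'SYN,RST' (or 'ALL' / 'NONE') into a bitmask."""
    if names == "NONE":
        return 0
    if names == "ALL":
        return 0x3F
    value = 0
    for name in names.split(","):
        value |= FLAGS[name]
    return value

def tcp_flags_match(mask, comp, packet_flags):
    """True when, of the flags listed in mask, exactly those in comp are set."""
    return (bits(packet_flags) & bits(mask)) == bits(comp)

# The six rules quoted in the post as (mask, comp); every one has target DROP.
PAGE_RULES = [("SYN,RST", "SYN,RST"), ("SYN,FIN", "SYN,FIN"),
              ("FIN,RST", "FIN,RST"), ("ACK,FIN", "FIN"),
              ("ACK,PSH", "PSH"), ("ACK,URG", "URG")]

def first_drop(packet_flags, rules=PAGE_RULES):
    """Return 'mask comp' of the first rule that drops the packet, else None."""
    for mask, comp in rules:
        if tcp_flags_match(mask, comp, packet_flags):
            return f"{mask} {comp}"
    return None

# Constructed flag combinations. The first six occur in normal traffic.
# A bare RST is also legal: RFC 793 reset generation sends RST without ACK
# in reply to a segment that itself carried ACK.
SAMPLES = ["SYN", "SYN,ACK", "ACK", "PSH,ACK", "FIN,ACK", "RST,ACK", "RST",
           "SYN,FIN", "SYN,RST", "FIN,RST,ACK", "FIN", "FIN,PSH,URG"]

if __name__ == "__main__":
    for flags in SAMPLES:
        page = first_drop(flags) or "pass"
        # The rule the poster asked about; it is not among the quoted rules.
        extra = "DROP" if tcp_flags_match("ACK,RST", "RST", flags) else "pass"
        print(f"{flags:12} page rules: {page:16} 'ACK,RST RST': {extra}")
```
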
