Matt Schalit wrote:
> > Is there a way to deny any and all SYN packets altogether?
>
> ipchains -A input -j DENY -i eth0 -p tcp ! -y -l
Very bad. Very bad. Very, very bad. ^^^ You wanted to deny
packets with SYN, and I posted how to deny packets *without* SYN.
The following does what you asked and is what I should have posted.

    ipchains -A input -j DENY -i eth0 -p tcp -y -l

Meaning:
---------
-A input = add this rule to the input chain
-j DENY = deny all packets which are
-i eth0 = coming in on eth0, the external nic
-p tcp = and the packet is tcp
-y = and the packet has the SYN flag set,
-l = then log these denies to the syslog.
Ok then :-o
Matthew
_______________________________________________
Leaf-user mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-user
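
Added example, not part of the original post: a small Python model of which inbound packets each of the two rules above would deny, showing why the "! -y" version cuts off established traffic. It assumes the ipchains man page definition of -y (SYN set, ACK and FIN cleared); the packet list and function names are constructed for illustration.

```python
# Added illustration: models only the TCP-flag test of the two rules in the post.
# Assumption: ipchains -y matches SYN set with ACK and FIN cleared (man page wording).
SYN, ACK, FIN, RST, PSH = 0x02, 0x10, 0x01, 0x04, 0x08


def matches_y(flags):
    """True if a TCP packet with these flags matches ipchains '-y'."""
    return bool(flags & SYN) and not flags & (ACK | FIN)


def denied(flags, inverted):
    """inverted=True models '! -y' (first post); False models '-y' (the correction)."""
    return matches_y(flags) != inverted


# Constructed sample: TCP packets arriving on eth0 as (description, flags).
INBOUND = [
    ("SYN: remote host opens a connection to us", SYN),
    ("SYN/ACK: reply to a connection we opened", SYN | ACK),
    ("ACK: data on an established connection", ACK | PSH),
    ("FIN/ACK: peer closes a connection", FIN | ACK),
    ("RST: peer resets a connection", RST),
]


def denied_names(inverted):
    """Descriptions of the sample packets the rule would deny (and log)."""
    return [name for name, flags in INBOUND if denied(flags, inverted)]


if __name__ == "__main__":
    for label, inverted in (("-y", False), ("! -y", True)):
        print(f"rule with {label} denies:")
        for name in denied_names(inverted):
            print("   ", name)
```

With -y only the inbound connection request is denied, so connections opened from the inside still receive their SYN/ACK replies; with "! -y" everything except that request is denied.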