iptables -A chain -p tcp --tcp-flags RST RST -m length 41:65535 -j LOG --log-prefix "RST with data"
iptables -A chain -p tcp --tcp-flags RST RST -m length 41:65535 -j DROP

That should do the trick... I believe that a tcp packet with no data will always be 40 bytes.

-Joe

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Tim Kelley
> Sent: Wednesday, February 20, 2002 8:44 PM
> To: [EMAIL PROTECTED]
> Subject: rule possible with iptables?
>
> Hi all,
>
> Is it possible to construct a rule in iptables which drops tcp packets with RST flagged which also contain a data payload?
>
> --
> Tim Kelley
> [EMAIL PROTECTED]
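
Added example, not part of the original messages: a Python check that computes the TCP payload size from the IPv4 header-length and TCP data-offset fields and compares it with what the length-based rules above would decide for the same packet. The sample packets, addresses and function names are constructed for illustration, and the model assumes the `length` match compares against the IPv4 total length.

```python
import struct

RST = 0x04

def tcp_payload_len(pkt: bytes) -> int:
    """TCP payload bytes in a raw IPv4 packet, using both header-length fields."""
    if len(pkt) < 40 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (pkt[0] & 0x0F) * 4                    # IPv4 header: 20..60 bytes
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or len(pkt) < ihl + 20:
        raise ValueError("bad IPv4 header length")
    data_off = (pkt[ihl + 12] >> 4) * 4          # TCP header: 20..60 bytes
    if data_off < 20 or ihl + data_off > total_len:
        raise ValueError("bad TCP data offset")
    return total_len - ihl - data_off

def rst_with_payload(pkt: bytes) -> bool:
    """True only when the RST flag is set and payload bytes follow the TCP header."""
    payload = tcp_payload_len(pkt)               # validates the packet first
    ihl = (pkt[0] & 0x0F) * 4
    return payload > 0 and bool(pkt[ihl + 13] & RST)

def length_rule_matches(pkt: bytes) -> bool:
    """Model of '--tcp-flags RST RST -m length 41:65535' (assumed: total length)."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    return bool(pkt[ihl + 13] & RST) and 41 <= total_len <= 65535

def build(flags: int, options: bytes = b"", payload: bytes = b"") -> bytes:
    """Constructed IPv4+TCP packet; checksums left at zero (not checked here)."""
    tcp_hlen = 20 + len(options)                 # options must be 4-byte aligned
    total = 20 + tcp_hlen + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                      (tcp_hlen // 4) << 4, flags, 0, 0, 0)
    return ip + tcp + options + payload

# Constructed samples: bare RST, RST carrying a timestamp option, RST with data.
BARE_RST = build(RST)
RST_TS = build(RST, options=b"\x01\x01\x08\x0a" + bytes(8))
RST_DATA = build(RST, payload=b"hello")

if __name__ == "__main__":
    for name, p in [("bare", BARE_RST), ("ts-opt", RST_TS), ("data", RST_DATA)]:
        print(name, len(p), length_rule_matches(p), rst_with_payload(p))
```
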
