#36 IPtables -Bad packets

open
nobody
None
5
2007-08-12
2007-08-12
fireholuser
No

Hi,

Shouldn't tcp flags be "FIN,PSH,URG FIN,PSH,URG" instead of "ALL ALL"?

#######

malformed-xmas|MALFORMED-XMAS)
local mychain="${pre}_${work_name}_malxmas"
create_chain filter "${mychain}" "${in}_${work_name}" in proto tcp custom "--tcp-flags ALL ALL" || return 1

#######

Discussion

  • Costa Tsaousis
    2007-08-20

    Logged In: YES
    user_id=582393
    Originator: NO

    Well, the definitions for XMAS on the netfilter mailing list show it my way.

    Check also this: https://www.umaxx.net/howtos/howto_debian_server.txt
    The XMAS-PSH and NMAP-XMAS described there are handled by firehol with
    the MALFORMED-BAD protection.

    Do you have a reference for the definition you suggest?
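
What the two rules in this ticket actually match, as an added example that is not FireHOL code and not part of either post: a small shell model of the iptables `--tcp-flags MASK COMP` test, which matches when the packet's flags, restricted to MASK, equal COMP. The sample packets are constructed, and rule C (`ALL FIN,PSH,URG`) is not from the ticket; it is included only for comparison.

```bash
# Added example: models "--tcp-flags MASK COMP" => (packet_flags & MASK) == COMP

# Turn a comma-separated flag list (or ALL / NONE) into its bit value.
flags_to_bits() {
    local bits=0 name IFS=','
    for name in $1; do
        case "$name" in
            FIN)  bits=$((bits | 1))  ;;
            SYN)  bits=$((bits | 2))  ;;
            RST)  bits=$((bits | 4))  ;;
            PSH)  bits=$((bits | 8))  ;;
            ACK)  bits=$((bits | 16)) ;;
            URG)  bits=$((bits | 32)) ;;
            ALL)  bits=$((bits | 63)) ;;   # all six flags above
            NONE) ;;
            *) echo "unknown flag: $name" >&2; return 2 ;;
        esac
    done
    echo "$bits"
}

# tcp_flags_match MASK COMP PACKET_FLAGS: exit 0 on match, 1 on no match.
tcp_flags_match() {
    local mask comp pkt
    mask=$(flags_to_bits "$1") || return 2
    comp=$(flags_to_bits "$2") || return 2
    pkt=$(flags_to_bits "$3")  || return 2
    [ $((pkt & mask)) -eq "$comp" ]
}

cell() { if tcp_flags_match "$1" "$2" "$3"; then printf ' %-8s' match; else printf ' %-8s' -; fi; }

# Rule A: ALL ALL   Rule B: FIN,PSH,URG FIN,PSH,URG   Rule C: ALL FIN,PSH,URG
report() {
    local pkt
    printf '%-26s %-8s %-8s %-8s\n' "packet flags (constructed)" "rule A" "rule B" "rule C"
    for pkt in "FIN,PSH,URG" "FIN,SYN,RST,PSH,ACK,URG" "FIN,PSH,ACK,URG" "SYN"; do
        printf '%-26s' "$pkt"
        cell ALL ALL "$pkt"
        cell FIN,PSH,URG FIN,PSH,URG "$pkt"
        cell ALL FIN,PSH,URG "$pkt"
        printf '\n'
    done
}
report
```

Rule A matches only the packet with all six flags set, while rule B matches any packet that has FIN, PSH and URG set regardless of the other three, so it also covers every packet rule A matches.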