IPtables -Bad packets

Brought to you by: ktsaou, philwhineray

This project can now be found here.

#36 IPtables -Bad packets

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2007-08-12

Created: 2007-08-12

Creator: fireholuser

Private: No

Hi,

Shouldn't tcp flags be "FIN,PSH,URG FIN,PSH,URG" instead of "ALL ALL" ?

#######

malformed-xmas|MALFORMED-XMAS)
local mychain="${pre}_${work_name}_malxmas"
create_chain filter "${mychain}" "${in}_${work_name}" in proto tcp custom "--tcp-flags ALL ALL" || return 1

#######

Discussion

Costa Tsaousis - 2007-08-20

Logged In: YES
user_id=582393
Originator: NO

Well, the definitions for XMAS on the netfilter mailing list show it my way.

Check also this: https://www.umaxx.net/howtos/howto_debian_server.txt
The XMAS-PSH and NMAP-XMAS described there are handled by firehol with
the MALFORMED-BAD protection.

Do you have a reference for the definition you suggest?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

IPtables -Bad packets

Group

Searches

Help

#36 IPtables -Bad packets

Discussion