[arch-general] simple iptables question
Hello, I have a question on iptables. On the Arch wiki, the tutorial on a simple stateful firewall includes the creation of the following rule.

# iptables -A INPUT -p tcp --syn -m state --state NEW -j OPEN-TCP

Which, to my understanding, means only pass new TCP streams with the SYN flag (the initialize-connection or handshake part 1 of 3) to the user-defined chain. When I checked the output of iptables, I noticed the following rule.

# iptables -L INPUT --line-numbers -v
7 OPEN-TCP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN state NEW

Why is iptables also using the FIN, RST and ACK/SYN flags? Did I not request SYN only, like I thought the tutorial said?
writes:
Hello, I have a question on iptables. On the Arch wiki, the tutorial on a simple stateful firewall includes the creation of the following rule.
# iptables -A INPUT -p tcp --syn -m state --state NEW -j OPEN-TCP
Which, to my understanding, means only pass new TCP streams with the SYN flag (the initialize-connection or handshake part 1 of 3) to the user-defined chain. When I checked the output of iptables, I noticed the following rule.

# iptables -L INPUT --line-numbers -v
7 OPEN-TCP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN state NEW

Why is iptables also using the FIN, RST and ACK/SYN flags? Did I not request SYN only, like I thought the tutorial said?
Read the man page of iptables.

--
Ashish SHUKLA | GPG: F682 CDCC 39DC 0FEA E116 20B6 C746 CFA9 E74F A4B0
freebsd.org!ashish | http://people.freebsd.org/~ashish/

"He who hasn't hacked assembly language as a youth has no heart. He who does as an adult has no brain." (John Moore)
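Editor's note, added to this thread and not part of either message: the listing the original poster saw is exactly what the iptables man page says `--syn` expands to. `--syn` is shorthand for `--tcp-flags FIN,SYN,RST,ACK SYN`, and `iptables -L` prints a TCP flag match as `flags:MASK/COMPARE`. The kernel match is `(packet_flags & MASK) == COMPARE`: the four flags before the slash are the ones the rule looks at, and SYN after the slash is the only one of those four that must be set. So the rule does request "SYN only", in the sense of SYN set and FIN, RST and ACK clear; a SYN,ACK (handshake step 2) is rejected by it, while flags outside the mask (PSH, URG, ECE, CWR) are ignored. The Python below models that mask/compare semantics and parses the `flags:` field from the listing; the packet samples are constructed for the example, and nothing here is code from iptables or the Arch wiki.

```python
"""
Model of iptables' TCP flag matching (the xt_tcp "mask/compare" rule).
Added example for this thread; not code from iptables or the Arch wiki.
Kernel semantics: a packet matches <=> (tcp_flags & mask) == compare.
"""

# Flag bit values as they sit in byte 13 of the TCP header.
TCP_FLAGS = {
    "FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
    "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80,
}
# iptables' ALL keyword covers the six classic flags only (not ECE/CWR).
FLAG_ALIASES = {"ALL": 0x3F, "NONE": 0x00}


def flags_to_int(spec):
    """'FIN,SYN,RST,ACK' -> 0x17. Accepts ALL/NONE like iptables does."""
    value = 0
    for name in spec.split(","):
        name = name.strip().upper()
        if name in FLAG_ALIASES:
            value |= FLAG_ALIASES[name]
        elif name in TCP_FLAGS:
            value |= TCP_FLAGS[name]
        else:
            raise ValueError(f"unknown TCP flag {name!r}")
    return value


def parse_listing_flags(field):
    """Parse the 'flags:MASK/COMPARE' field printed by `iptables -L`
    and return (mask, compare) as integers."""
    if not field.startswith("flags:"):
        raise ValueError(f"not a TCP flags field: {field!r}")
    mask_spec, comp_spec = field[len("flags:"):].split("/", 1)
    mask, comp = flags_to_int(mask_spec), flags_to_int(comp_spec)
    if comp & ~mask:
        # A compare bit outside the mask can never match; iptables accepts
        # it but the rule would be dead.
        raise ValueError("compare flags must be a subset of the mask")
    return mask, comp


# What --syn expands to, per man iptables-extensions:
# equivalent to --tcp-flags SYN,RST,ACK,FIN SYN.
SYN_MASK, SYN_COMP = flags_to_int("FIN,SYN,RST,ACK"), flags_to_int("SYN")


def tcp_flags_match(packet_flags, mask, comp):
    """The netfilter test: look only at the masked bits, require them
    to equal the compare value."""
    return (packet_flags & mask) == comp


def classify(field, packets):
    """Run one listing-style flags field over (name, flags) samples and
    report which ones the rule would match."""
    mask, comp = parse_listing_flags(field)
    return {name: tcp_flags_match(flags, mask, comp) for name, flags in packets}


# Constructed sample packets (flag byte only), labelled by what they are.
SAMPLE_PACKETS = [
    ("SYN (handshake step 1)", flags_to_int("SYN")),
    ("SYN,ACK (handshake step 2)", flags_to_int("SYN,ACK")),
    ("ACK (handshake step 3 / established)", flags_to_int("ACK")),
    ("SYN,ECE,CWR (ECN-setup SYN)", flags_to_int("SYN,ECE,CWR")),
    ("FIN,ACK (teardown)", flags_to_int("FIN,ACK")),
    ("RST", flags_to_int("RST")),
]

if __name__ == "__main__":
    field = "flags:FIN,SYN,RST,ACK/SYN"   # the line from the poster's listing
    same_as_syn = parse_listing_flags(field) == (SYN_MASK, SYN_COMP)
    print(f"{field} is what --syn expands to: {same_as_syn}")
    for name, matched in classify(field, SAMPLE_PACKETS).items():
        print(f"{'MATCH' if matched else '   no'}  {name}")
```

Note the difference between `--syn` and `--tcp-flags ALL SYN`: the latter also demands PSH and URG clear, so a SYN carrying PSH would fail it but pass `--syn`. Neither variant looks at ECE or CWR, which is why an ECN-setup SYN still matches.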
participants (2)
- aerospace1028@hotmail.com
- wahjava.ml@gmail.com