[arch-general] simple iptables question

aerospace1028 at hotmail.com aerospace1028 at hotmail.com
Thu Jul 22 07:35:47 EDT 2010


Hello,
I have a question on iptables. On the Arch wiki, the tutorial on a simple stateful firewall includes the creation of the following rule.

# iptables -A INPUT -p tcp --syn -m state --state NEW -j OPEN-TCP

Which, to my understanding, meant to pass only new TCP streams with the SYN flag (the initialize connection or handshake part 1 of 3) to the user-defined chain. When I checked the output of iptables, I noticed the following rule.


# iptables -L INPUT --line-numbers -v
7    OPEN-TCP   tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN state NEW

Why is iptables also using the FIN, RST and ACK/SYN flags? Did I not request SYN only like I thought the tutorial said?
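The `flags:FIN,SYN,RST,ACK/SYN` column in the listing above is iptables' mask/compare notation: the flags before the slash are the ones examined, and the flags after it are the ones that must be set among them (the iptables man page gives `--syn` as equivalent to `--tcp-flags SYN,RST,ACK,FIN SYN`). The following is an added example, not part of the original post; the function names and sample packets are constructed for illustration.

```python
# TCP header flag bits (RFC 793 layout).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def parse_flag_list(text):
    """Convert 'FIN,SYN,RST,ACK', 'ALL', 'NONE' or hex like '0x17' to a bitmask."""
    text = text.strip()
    if text.lower().startswith("0x"):   # numeric form, as printed by `iptables -L -n`
        return int(text, 16)
    if text == "NONE":
        return 0
    if text == "ALL":
        return 0x3F
    mask = 0
    for name in text.split(","):
        mask |= TCP_FLAGS[name.strip().upper()]
    return mask

def parse_listing(token):
    """Split the 'flags:MASK/COMP' token from the listing into (mask, comp)."""
    if token.startswith("flags:"):
        token = token[len("flags:"):]
    mask_text, comp_text = token.split("/", 1)
    return parse_flag_list(mask_text), parse_flag_list(comp_text)

def rule_matches(packet_flags, mask, comp):
    """Only bits in `mask` are examined; of those, exactly `comp` must be set."""
    return (packet_flags & mask) == comp

# Constructed sample packets: name -> flag byte.
SAMPLE_PACKETS = {
    "SYN":     0x02,   # handshake step 1
    "SYN+ACK": 0x12,   # handshake step 2
    "ACK":     0x10,   # handshake step 3 / established traffic
    "RST":     0x04,
    "FIN+ACK": 0x11,
    "SYN+PSH": 0x0A,   # PSH is outside the mask, so it is not examined
}

def evaluate(token, packets=SAMPLE_PACKETS):
    """Return {packet name: True if the rule's flag test matches}."""
    mask, comp = parse_listing(token)
    return {name: rule_matches(bits, mask, comp) for name, bits in packets.items()}

if __name__ == "__main__":
    for name, hit in evaluate("flags:FIN,SYN,RST,ACK/SYN").items():
        print(f"{name:8s} {'match' if hit else 'no match'}")
```

Only packets with SYN set and FIN, RST and ACK all clear reach the `OPEN-TCP` chain; PSH and URG are not in the mask and do not affect the result.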