[lug] ipchains and SYN packets

D. Stimits stimits at idcomm.com
Sun Jan 20 15:32:23 MST 2002


Never mind, I forgot to specify tcp, and there is no -y --syn for udp, so
it failed. Once I explicitly set tcp, it worked. Damn, I really need a
tape backup, or full journalling instead of meta journalling (XFS and
ReiserFS are both meta as far as I know, and ext3 isn't ready for prime
time).

D. Stimits, stimits at idcomm.com

"D. Stimits" wrote:
> 
> I found a nasty problem in RH 7.1, that syslogd tries to restart 6 times
> when it comes to its time (via cron I assume). Doing certain things at
> exactly the time of the restart is fatal, such as shutdown or restarting
> xinetd. I lost my entire ipchains rule set, aside from an old backup (I
> do not use iptables, I use ipchains). Now I'm trying to figure out some
> old rules, and having no luck with SYN packets. I should be able to deny
> all incoming ssh port 22 packets that are SYN packets with the -y or
> --syn, but this does not work, it kills my script. If -y and --syn are
> no longer used on ipchains (not iptables), how do I specify syn packets?
> Consider the abbreviated lines that RH uses in /etc/sysconfig/ipchains,
> I can deny all input of ssh port via:
> -A input -s 0/0 -d 127.0.0.1/8  -i ppp0  -j DENY
> 
> I want to deny SYN packets only though, any suggestions? -y and --syn
> cause failure, at least in the variations I tried.
> 
> D. Stimits, stimits at idcomm.com

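Added example, not part of the original message: a small shell lint for rule lines in the abbreviated /etc/sysconfig/ipchains style that reports any rule using -y or --syn without -p tcp, the mistake described in the reply above. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Report ipchains rule lines that use -y/--syn without "-p tcp".
# Reads rules on stdin, prints "LINENO: rule" for each offender,
# and returns 1 if any were found, 0 otherwise.
check_syn_rules() {
    lineno=0
    bad=0
    while IFS= read -r rule || [ -n "$rule" ]; do
        lineno=$((lineno + 1))
        # Skip blanks, comments and chain-policy lines (":input ACCEPT").
        case "$rule" in ''|'#'*|:*) continue ;; esac
        has_syn=0; proto=""; prev=""
        set -f                      # no filename globbing while splitting
        for tok in $rule; do
            case "$tok" in -y|--syn) has_syn=1 ;; esac
            case "$prev" in -p|--protocol) proto=$tok ;; esac
            prev=$tok
        done
        set +f
        if [ "$has_syn" -eq 1 ]; then
            case "$proto" in
                tcp|TCP|6) ;;       # SYN matching is only meaningful for TCP
                *) printf '%s\n' "$lineno: $rule"; bad=1 ;;
            esac
        fi
    done
    return "$bad"
}

# Constructed sample rule set (not the poster's real rules).
sample_rules() {
    cat <<'EOF'
:input ACCEPT
-A input -s 0/0 -d 0/0 22 -i ppp0 -y -j DENY
-A input -p tcp -s 0/0 -d 0/0 22 -i ppp0 -y -j DENY
-A input -p udp -s 0/0 -d 0/0 53 -i ppp0 --syn -j DENY
EOF
}

# Stand-alone run: list offending rules from the sample set.
sample_rules | check_syn_rules || echo "rules above need -p tcp"
```

Feeding it a saved rule file before restoring the rules (check_syn_rules < /etc/sysconfig/ipchains) shows which line would make the load fail.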