[lug] ipfilter DOS

jd lug at taproot.bz
Mon Jan 6 15:15:37 MST 2003


> > $IPTABLES -A INPUT -p tcp ! --syn -m state --state NEW -j LOG \
> >   --log-prefix "New not syn:"
> > $IPTABLES -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

> Hello,
>   after reading this I would like to apply the "new not SYN" rule. One
> question... if a connection makes it into the connection table, are
> any more packets checked from that connection after the initial matches
> that allowed the connection's first packet? And it seems that it would
> continue to match following packets against the state table when using
> -m state --state RELATED,ESTABLISHED. So if I logged all "new not SYN", would
> this log every packet after the handshake? Should I put
> the RELATED,ESTABLISHED before "new not SYN"? Just wondering the best
> way to apply "new not SYN" and if there is anything I should be aware
> of.
>

I guess the --state NEW says it all lol. Would it be ok to also do....

iptables -A INPUT -d X.X.X.X -p tcp ! --syn \
  -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -s X.X.X.X -p tcp ! --syn \
  -m state --state RELATED,ESTABLISHED -j ACCEPT



where X.X.X.X is me. Should the OUTPUT rule just match ESTABLISHED? Would
this ever cut into legit traffic?

TIA,
jd
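Added example, not part of jd's post or the list's rules: a small Python model of how conntrack assigns NEW versus ESTABLISHED and of the INPUT ordering asked about above (RELATED,ESTABLISHED first, then the two "! --syn --state NEW" rules), showing that packets after the handshake are ESTABLISHED and never reach the LOG rule, while a stray non-SYN packet with no tracked connection does. It assumes a closing "--syn --state NEW -j ACCEPT" rule and reuses the X.X.X.X placeholder from the post.

```python
# Added model of conntrack states against the "new not syn" rule; constructed, not netfilter code.
from collections import namedtuple
HOST = "X.X.X.X"                      # placeholder for "me", as in the post
Packet = namedtuple("Packet", "src dst sport dport syn")

def classify(table, p):
    """Minimal TCP conntrack; table: original-direction tuple -> reply seen?
    commit() runs only for accepted packets (a DROPped packet leaves no entry).
    As in the kernel's default loose mode, a non-SYN packet with no entry is NEW."""
    orig = (p.src, p.sport, p.dst, p.dport)
    reply = (p.dst, p.dport, p.src, p.sport)
    if orig in table:
        return ("ESTABLISHED" if table[orig] else "NEW"), lambda: None
    if reply in table:                # first reply: both directions now seen
        return "ESTABLISHED", lambda: table.__setitem__(reply, True)
    return "NEW", lambda: table.__setitem__(orig, False)

def input_chain(table, p, log):
    """INPUT in the order asked about: RELATED,ESTABLISHED accept first, then
    '! --syn --state NEW' LOG and DROP, then (assumed) '--syn --state NEW' accept."""
    state, commit = classify(table, p)
    if state == "ESTABLISHED":
        verdict = "ACCEPT"
    elif not p.syn:
        log.append(f"New not syn: {p.src}:{p.sport} -> {p.dst}:{p.dport}")
        verdict = "DROP"
    else:
        verdict = "ACCEPT"
    if verdict == "ACCEPT":
        commit()
    return verdict

def simulate(packets):
    """('in'|'out', Packet) pairs; OUTPUT is accept-all here but still tracked."""
    table, log, verdicts = {}, [], []
    for direction, p in packets:
        if direction == "in":
            verdicts.append(input_chain(table, p, log))
        else:
            classify(table, p)[1]()
            verdicts.append("ACCEPT")
    return verdicts, log
# Constructed traffic: SSH handshake, then a stray ACK that no tracked connection explains.
PEER = "192.0.2.10"
SAMPLE = [
    ("in",  Packet(PEER, HOST, 40000, 22, syn=True)),    # SYN: NEW, accepted
    ("out", Packet(HOST, PEER, 22, 40000, syn=True)),    # SYN/ACK: reply direction
    ("in",  Packet(PEER, HOST, 40000, 22, syn=False)),   # ACK: ESTABLISHED, not logged
    ("in",  Packet(PEER, HOST, 40001, 22, syn=False)),   # stray ACK: NEW, logged + dropped
]
```

Running simulate(SAMPLE) yields one log line only, for the stray packet; the handshake's final ACK is matched by the ESTABLISHED rule before the LOG rule is ever consulted.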
