apollo
01-13-2005, 05:49 AM
Feel free to use the following iptables commands to drop INVALID SYN packets, which are sometimes also used to flood the server.
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
--
Jeff @ LinuxAdmin
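To see exactly which packets the three rules above would drop, here is an added example (not from the original post) that models iptables' `--tcp-flags MASK COMP` matching in Python: among the flags listed in MASK, exactly those in COMP must be set, and bits outside MASK are ignored. The sample flag bytes are constructed here for illustration.

```python
# Model of iptables --tcp-flags MASK COMP matching, applied to the three
# DROP rules from the post above. Added example, not code from the thread.

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL = sum(TCP_FLAGS.values())  # iptables' ALL keyword: FIN,SYN,RST,PSH,ACK,URG


def flags_to_bits(spec):
    """Turn an iptables flag list ('SYN,FIN', 'ALL', 'NONE') into a bitmask."""
    if spec == "ALL":
        return ALL
    if spec == "NONE":
        return 0
    return sum(TCP_FLAGS[name] for name in spec.split(","))


def tcp_flags_match(flags, mask, comp):
    """--tcp-flags semantics: of the MASK bits, exactly the COMP bits are set."""
    return (flags & flags_to_bits(mask)) == flags_to_bits(comp)


# The three rules from the post, as (MASK, COMP) pairs, in rule order.
RULES = [
    ("ALL", "ACK,RST,SYN,FIN"),  # all four control flags set, PSH/URG clear
    ("SYN,FIN", "SYN,FIN"),      # SYN and FIN together
    ("SYN,RST", "SYN,RST"),      # SYN and RST together
]


def matching_rule(flags):
    """Index of the first rule that would DROP a packet with these flags, or None."""
    for i, (mask, comp) in enumerate(RULES):
        if tcp_flags_match(flags, mask, comp):
            return i
    return None


# Constructed sample flag bytes (values of the TCP flags field, not real captures).
SAMPLES = {
    "plain SYN":          TCP_FLAGS["SYN"],
    "SYN+ACK":            TCP_FLAGS["SYN"] | TCP_FLAGS["ACK"],
    "SYN+FIN":            TCP_FLAGS["SYN"] | TCP_FLAGS["FIN"],
    "SYN+RST":            TCP_FLAGS["SYN"] | TCP_FLAGS["RST"],
    "ACK+RST+SYN+FIN":    0x17,
    "ACK+RST+SYN+FIN+PSH": 0x1F,  # rule 0 misses it (PSH set), rule 1 catches it
    "no flags":           0x00,   # not covered by any of the three rules
}


def classify_samples():
    """Map each sample name to the rule index that drops it (None = accepted)."""
    return {name: matching_rule(bits) for name, bits in SAMPLES.items()}
```

Note that the rules are matched in order, so a packet with all four control flags and PSH set slips past the first rule but is still caught by the SYN,FIN rule, while a packet with no flags at all is not dropped by any of the three.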
bloodyman
03-13-2005, 07:03 PM
Do you think they are good for RHE3 and Fedora 1,2?
apollo
03-14-2005, 03:24 AM
Sure! I see no problem. Make sure you enter/execute the above commands in the correct order in case you have apf or any other custom rule sets.
bloodyman
03-14-2005, 08:35 AM
I have installed apf and bfd - that won't be a problem?
linux-tech
03-19-2005, 08:51 PM
If you're using APF, you'd want to put something like this
$IPT -A INPUT -i $IN_IF -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
$IPT -A INPUT -i $IN_IF -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -A INPUT -i $IN_IF -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A OUTPUT -o $OUT_IF -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
$IPT -A OUTPUT -o $OUT_IF -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -A OUTPUT -o $OUT_IF -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
into /etc/apf/firewall
However, I'd be incredibly surprised if something like this wasn't already in place in apf :)
just trolling old threads -- /etc/apf/bt.rules