  1. #1
    Join Date
    Feb 2002
    Posts
    2,120

    How-to: Drop INVALID SYN packets with iptables

    Feel free to use the following iptables commands to drop INVALID SYN packets, which are sometimes also used to flood the server.


    /sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
    /sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
    /sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

    --
    Jeff @ LinuxAdmin
    Last edited by apollo; 01-13-2005 at 05:52 AM.
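
Added example, not part of the original thread: a small Python model of how iptables evaluates `--tcp-flags <mask> <comp>`, run over constructed flag combinations to show which of the three rules from the post above drops each one and which combinations fall through. The function names (`bits`, `tcp_flags_match`, `first_drop_rule`) and the sample list are illustrative assumptions, not iptables code.

```python
# Model of iptables "--tcp-flags <mask> <comp>": only the flags named in
# mask are examined, and the packet matches when exactly the flags in
# comp are set among them.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
         "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
FLAGS["ALL"] = 0x3F   # iptables keyword: all six flags
FLAGS["NONE"] = 0x00  # iptables keyword: no flags


def bits(names):
    """Turn a comma-separated flag list such as 'SYN,FIN' into a bitmask."""
    value = 0
    for name in names.split(","):
        value |= FLAGS[name.strip().upper()]
    return value


def tcp_flags_match(packet_flags, mask, comp):
    """True if a packet with these flags matches --tcp-flags mask comp."""
    return (bits(packet_flags) & bits(mask)) == bits(comp)


# The three DROP rules from the post, in the order they are appended.
RULES = [
    ("ALL", "ACK,RST,SYN,FIN"),
    ("SYN,FIN", "SYN,FIN"),
    ("SYN,RST", "SYN,RST"),
]


def first_drop_rule(packet_flags):
    """1-based index of the first rule that drops the packet, else None."""
    for index, (mask, comp) in enumerate(RULES, start=1):
        if tcp_flags_match(packet_flags, mask, comp):
            return index
    return None


# Constructed sample flag combinations (not captured traffic).
SAMPLES = ["SYN", "SYN,ACK", "RST,ACK", "SYN,FIN", "SYN,RST",
           "SYN,FIN,RST,ACK", "SYN,FIN,ACK", "ALL", "NONE"]

if __name__ == "__main__":
    for flags in SAMPLES:
        rule = first_drop_rule(flags)
        verdict = f"DROP by rule {rule}" if rule else "not matched by these rules"
        print(f"{flags:<18} {verdict}")
```

Normal handshake and teardown flags (SYN, SYN/ACK, RST/ACK) pass all three rules, while a packet with no flags set is not matched by any of them and would need its own rule.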

  2. #2
    Join Date
    Oct 2004
    Posts
    302
    Do you think they are good for RHE3 and Fedora 1,2?

  3. #3
    Join Date
    Feb 2002
    Posts
    2,120
    Sure! I see no problem. Make sure you enter/execute the above commands in the correct order in case you have apf or any other custom rule sets.

  4. #4
    Join Date
    Oct 2004
    Posts
    302
    I have installed apf and bfd - that won't be a problem?

  5. #5
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,135
    If you're using APF, you'd want to put something like this
    $IPT -A INPUT -i $IN_IF -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
    $IPT -A INPUT -i $IN_IF -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
    $IPT -A INPUT -i $IN_IF -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
    $IPT -A OUTPUT -o $OUT_IF -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
    $IPT -A OUTPUT -o $OUT_IF -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
    $IPT -A OUTPUT -o $OUT_IF -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
    into /etc/apf/firewall
    However, I'd be incredibly surprised if something like this wasn't already in place in apf
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons

  6. #6
    Join Date
    Apr 2002
    Location
    Troy, MI
    Posts
    324
    just trolling old threads -- /etc/apf/bt.rules
    Ryan MacDonald
    Lead Administrator | TotalChoice Hosting
    Choice Does Matter! | Serving over 26,000 clients
