Results 1 to 6 of 6
  1. #1

    How-to: Drop INVALID SYN packets with iptables

    Feel free to use the following iptable commands below to drop INVALID SYN packets that sometimes are also used to flood the server..


    /sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
    /sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
    /sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

    --
    Jeff @ LinuxAdmin
    Last edited by apollo; 01-13-2005 at 05:52 AM.

  2. #2
    Join Date
    Oct 2004
    Posts
    294
    Do you think they are good for RHE3 and Fedora 1,2?

  3. #3
    Sure! I see no problem. Make sure you enter/execute above commands in correct order in case you have apf or any other custom rule sets..

  4. #4
    Join Date
    Oct 2004
    Posts
    294
    I have installed apf and bfd - that won't be a problem?

  5. #5
    Join Date
    Sep 2002
    Location
    Among the corn
    Posts
    10,689
    If you're using APF, you'd want to put something like this
    $IPT -A INPUT -i $IN_IF -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
    $IPT -A INPUT -i $IN_IF -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
    $IPT -A INPUT -i $IN_IF -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
    $IPT -A OUTPUT -o $OUT_IF -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
    $IPT -A OUTPUT -o $OUT_IF -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
    $IPT -A OUTPUT -o $OUT_IF -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
    into /etc/apf/firewall
    However, I'd be incredibly surprised if something like this wasn't already in place in apf
    Linux admin, support tech, php developer for hire. PM for more info

  6. #6
    Join Date
    Apr 2002
    Location
    Canada
    Posts
    247
    just trolling old threads -- /etc/apf/bt.rules
    'Make no mistake, the odds are not in your favor -- you have to patch every hole,
    but an attacker need find only one to get into your environment.'

    R-fx Networks - Linux Software & Blog | http://www.rfxn.com

  7. Newsletters

    Subscribe Now & Get The WHT Quick Start Guide!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •