LinuxQuestions.org


Smokey 04-19-2008 05:08 AM

Dropping RST packets with IPFW
 
I've been reading the IPFW manpage but it is cryptic and hard to understand. I've been trying to create a rule like this:

iptables -A INPUT -p tcp --dport $CLIENT_PORT# --tcp-flags RST RST -j DROP

Would this be the IPFW equivalent?

ipfw add 00042 drop tcp from any to any in tcpflags rst src-port $CLIENT_PORT#

anomie 04-19-2008 12:27 PM

That looks correct to me, based on what I read in ipfw(8). Wouldn't it be quicker to test this rule than ask here? :)

(Also, I'm curious why you want to block RST packets.)

Smokey 04-19-2008 12:48 PM

I want to drop ISP traffic-shaping RST packets. But I think it would be better to block the ISP range than the port; I think I'm setting myself up for trouble, since it would block legit RST packets and I would have to wait for a TCP reconnection. I did test it but there is no difference, which led me to ask if I am doing it correctly.

anomie 04-19-2008 02:57 PM

How did you test? I notice nmap(1) has a --scanflags option to allow you to specify, e.g. a TCP RST flag.
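
Added example, not written by any poster in this thread: a Python model of the port and flag conditions in the two rules above, run over constructed TCP headers. It models only those two conditions (not `in` or the protocol match); `CLIENT_PORT` and the peer ports are constructed sample values. It shows that `--dport` and `src-port` test different header fields, which is one thing to check when a rule appears to have no effect.

```python
import struct

RST = 0x04  # RST bit in the TCP flags field
ACK = 0x10

def parse_tcp(header: bytes):
    """Return (src_port, dst_port, flags) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    src, dst, _seq, _ack, off_flags = struct.unpack("!HHIIH", header[:14])
    return src, dst, off_flags & 0x3F  # low 6 bits: URG ACK PSH RST SYN FIN

def iptables_rule(header: bytes, client_port: int) -> bool:
    """Model of: -p tcp --dport PORT --tcp-flags RST RST
    Examine only the RST bit, require it set, and match the destination port."""
    _src, dst, flags = parse_tcp(header)
    return dst == client_port and (flags & RST) == RST

def ipfw_rule(header: bytes, client_port: int) -> bool:
    """Model of: tcp from any to any tcpflags rst src-port PORT
    Require the RST bit set and match the source port."""
    src, _dst, flags = parse_tcp(header)
    return src == client_port and bool(flags & RST)

def make_header(src: int, dst: int, flags: int) -> bytes:
    """Build a constructed 20-byte TCP header (no options, zero checksum)."""
    return struct.pack("!HHIIHHHH", src, dst, 0, 0, (5 << 12) | flags, 0, 0, 0)

CLIENT_PORT = 51413  # constructed sample value

# Constructed packets: a remote peer on port 6881 sending to the client port,
# and one RST that merely originates from the same port number.
SAMPLES = {
    "inbound RST to client port": make_header(6881, CLIENT_PORT, RST),
    "inbound RST+ACK to client port": make_header(6881, CLIENT_PORT, RST | ACK),
    "inbound ACK to client port": make_header(6881, CLIENT_PORT, ACK),
    "RST with source port == client port": make_header(CLIENT_PORT, 40000, RST),
}

def compare(port: int = CLIENT_PORT):
    """Return {label: (iptables_match, ipfw_match)} for every sample."""
    return {k: (iptables_rule(h, port), ipfw_rule(h, port)) for k, h in SAMPLES.items()}

if __name__ == "__main__":
    for label, (ipt, fw) in compare().items():
        print(f"{label:40s} iptables={ipt!s:5} ipfw={fw}")
```

ipfw(8) also provides a `dst-port` option, which tests the same header field as iptables' `--dport`.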

