LinuxQuestions.org
Old 04-19-2008, 06:08 AM   #1
Smokey
Member
 
Registered: Jul 2004
Distribution: Slackware
Posts: 311

Rep: Reputation: 30
Dropping RST packets with IPFW


I've been reading the IPFW manpage but it is cryptic and hard to understand. I've been trying to create a rule like this:

iptables -A INPUT -p tcp --dport $CLIENT_PORT# --tcp-flags RST RST -j DROP

Would this be the IPFW equivalent?

ipfw add 00042 drop tcp from any to any in tcpflags rst src-port $CLIENT_PORT#
 
Old 04-19-2008, 01:27 PM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
That looks correct to me, based on what I read in ipfw(8). Wouldn't it be quicker to test this rule than ask here?

(Also, I'm curious why you want to block RST packets.)
 
Old 04-19-2008, 01:48 PM   #3
Smokey
Member
 
Registered: Jul 2004
Distribution: Slackware
Posts: 311

Original Poster
Rep: Reputation: 30
I want to drop ISP traffic shaping RST packets. But I think it would be better to block the ISP range than the port; I think I'm setting myself up for trouble, since it would block legit RST packets and I would have to wait for a TCP reconnection. I did test it but there is no difference, which led me to ask if I am doing it correctly?
 
Old 04-19-2008, 03:57 PM   #4
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
How did you test? I notice nmap(1) has a --scanflags option to allow you to specify, e.g. a TCP RST flag.
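
An added example, not part of any post in this thread: a Python model of the match logic of the two rules from the first post, run over constructed inbound TCP headers. It relies on the documented meaning of iptables `--dport` (destination port) and ipfw `src-port` / `dst-port`; CLIENT_PORT 51413, the peer ports and the `ipfw_dst_port` variant are assumptions made for illustration.

```python
import struct

RST, ACK = 0x04, 0x10      # TCP flag bits
CLIENT_PORT = 51413        # constructed stand-in for $CLIENT_PORT

def tcp_header(sport, dport, flags):
    """Build a minimal 20-byte TCP header (constructed sample data)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 0, 0, 0)

def fields(hdr):
    """Return (source port, destination port, flags) from a TCP header."""
    sport, dport, _seq, _ack, _off, flags = struct.unpack("!HHIIBB", hdr[:14])
    return sport, dport, flags

def iptables_posted(hdr):
    # -p tcp --dport PORT --tcp-flags RST RST: destination port, RST set
    _, dport, flags = fields(hdr)
    return dport == CLIENT_PORT and (flags & RST) == RST

def ipfw_posted(hdr):
    # tcp from any to any in tcpflags rst src-port PORT: source port, RST set
    sport, _, flags = fields(hdr)
    return sport == CLIENT_PORT and (flags & RST) == RST

def ipfw_dst_port(hdr):
    # the same ipfw rule with dst-port in place of src-port (assumed variant)
    _, dport, flags = fields(hdr)
    return dport == CLIENT_PORT and (flags & RST) == RST

# Constructed inbound packets: (label, source port, destination port, flags)
SAMPLES = [
    ("RST to client port",         6881, CLIENT_PORT, RST),
    ("RST+ACK to client port",     6881, CLIENT_PORT, RST | ACK),
    ("ACK to client port",         6881, CLIENT_PORT, ACK),
    ("RST from remote port 51413", CLIENT_PORT, 40000, RST),
]

def evaluate():
    """Return {label: (iptables, ipfw as posted, ipfw with dst-port)}."""
    out = {}
    for label, sport, dport, flags in SAMPLES:
        hdr = tcp_header(sport, dport, flags)
        out[label] = (iptables_posted(hdr), ipfw_posted(hdr), ipfw_dst_port(hdr))
    return out

if __name__ == "__main__":
    for label, verdicts in evaluate().items():
        print(f"{label:28} {verdicts}")
```

On these samples the ipfw rule as posted matches only the RST whose source port is the client port, while the `dst-port` form matches the same packets as the iptables rule.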
 
  

