LinuxQuestions.org
Review your favorite Linux distribution.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page ipchains rejection based on flags
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 05-11-2004, 09:49 AM   #1
wedgeworth
Member
 
Registered: Aug 2003
Posts: 234

Rep: Reputation: 30
ipchains rejection based on flags

how do i use ipchains to where i can accept or reject packets based on the flags that are set as they pass through the firewall? making judgements based on if SYN or FIN is set or not? and also on the certain combonations that are set.
 
Old 05-11-2004, 06:17 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
To my knowledge, ipchains can only filter tcp flags as being either SYN or not SYN (meaning everything else). To match SYN packets use the -y option:

ipchains -A input -p tcp -y -j ACCEPT

to match everything but SYN:

ipchains -A input -p tcp ! -y -j ACCEPT

I don't believe that ipchains can match any other tcp flags. Ipfwadmin had a -k match for ack packets, but I don't think that got supported in ipchains. If you want to do complex packet filtering, I would recommend switching to iptables instead. You can match any tcp flags you want and you'll get statefull firewalling as well. If you want more info on ipchains, you can take a look at the ipchains howto from tldp:

http://www.tldp.org/HOWTO/IPCHAINS-HOWTO.html#toc4
Last edited by Capt_Caveman; 05-11-2004 at 06:20 PM.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Linux based gateway for time-based wireless service. TotalDefiance Linux - Software 0 10-03-2005 06:06 PM
Do DEB-based distros have the dependancy hell like RPM-based ones? manhinli Linux - Newbie 2 04-05-2005 06:08 AM
phpMyAdmin login rejection as root ??? cdrobsonjr Linux - Software 2 12-01-2004 09:12 PM
CC flags and the like Garp Linux - Software 2 05-17-2004 03:48 AM
tcp wrappers rejection with sendmail zepplin611 Linux - Software 4 05-05-2004 07:45 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 04:11 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration