LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-21-2014, 08:41 PM   #1
nick1976
LQ Newbie
 
Registered: Nov 2014
Posts: 5

Rep: Reputation: Disabled
ack and syn bit both set


Hello Forums
My question is
which iptable rule takes care of the packet which has both ack and syn bits set?
Thanks
 
Old 11-21-2014, 09:41 PM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 2,404

Rep: Reputation: Disabled
A SYN/ACK packet will (normally) be a response to an earlier SYN packet used to establish a TCP connection, so there should be a corresponding entry in the conntrack table for the virtual connection. A rule containing an "ESTABLISHED" conntrack/state match is typically used to allow such packets.

You can of course create a rule to specifically match these two TCP flags (-p tcp --tcp-flags <mask> SYN,ACK). In that case, any packet with the SYN and ACK flags set (and possibly others, depending on the <mask> value) will match the rule, be it part of an established connection or not.
 
1 members found this post helpful.
Old 11-21-2014, 09:44 PM   #3
nick1976
LQ Newbie
 
Registered: Nov 2014
Posts: 5

Original Poster
Rep: Reputation: Disabled
Thanks a lot for the answer.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
expanding my tc script to include prioritizing for TCP syn/ack/etc. psycroptic Linux - Networking 6 10-07-2013 07:19 PM
TCP handshake fails, SYN/ACK ignored by system. xnomad Linux - Networking 1 09-28-2011 12:10 PM
iptables blocking SYN-ACK rjordan Linux - Networking 1 06-24-2011 03:39 PM
DNAT on first SYN ACK packet sseeley Linux - Networking 2 08-24-2010 02:33 PM
SYN, SYN_ACK but no ACK nitinarora Linux - Kernel 1 05-21-2009 07:31 PM


All times are GMT -5. The time now is 11:56 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration