I have the following two rules in iptables:
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "INVFLAGS: "
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
This was achieved by using ! --syn -j DROP
I connected through ssh to the server that has these rules, and all of a sudden I saw in /var/log/messages:
Jan 20 20:42:56 hostname kernel: INVFLAGS: IN=eth0 OUT= MAC=de:51:b9:2f:f5:e5:00:19:56:29:3f:7f:08:00 SRC=MY.HOME.IP.ADDR. DST=X.X.X.X LEN=88 TOS=0x00 PREC=0x00 TTL=56 ID=29505 DF PROTO=TCP SPT=55520 DPT=22 WINDOW=4096 RES=0x00 ACK PSH
So my computer was sending what one would consider packets with invalid flags. Why is this happening?
I'm also seeing the ACK PSH flags there, and I'm not sure how I should interpret them.
The thing is, my ssh connection works perfectly, so I'm not sure what is dropping and why this is happening.
Any thoughts? Thanks
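How the logged packet compares against the rule's `! --tcp-flags FIN,SYN,RST,ACK SYN` test, as an added example that is not part of the original post. The function names are hypothetical, the first log line is the one quoted above, and the second is constructed for comparison.

```python
import re

# Flag names as the iptables LOG target prints them after the RES= field.
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

# From the rule: examine these four flags (mask); only SYN may be set (comp).
MASK = {"FIN", "SYN", "RST", "ACK"}
COMP = {"SYN"}

def parse_log_flags(line):
    """Return the set of TCP flags printed in an iptables LOG line."""
    m = re.search(r"\bRES=0x[0-9a-fA-F]+\s+(.*)$", line)
    if not m:
        return set()
    # Tokens such as URGP=0 can follow the flags; keep flag names only.
    return {tok for tok in m.group(1).split() if tok in TCP_FLAGS}

def tcp_flags_match(flags, mask, comp, negate=False):
    """'--tcp-flags mask comp': of the flags in mask, exactly comp is set."""
    result = (flags & mask) == comp
    return not result if negate else result

def rule_hits(line):
    """True if the '! --tcp-flags FIN,SYN,RST,ACK SYN' part matches the line."""
    return tcp_flags_match(parse_log_flags(line), MASK, COMP, negate=True)

# Log line quoted in the post (addresses already redacted there).
POSTED = ("Jan 20 20:42:56 hostname kernel: INVFLAGS: IN=eth0 OUT= "
          "MAC=de:51:b9:2f:f5:e5:00:19:56:29:3f:7f:08:00 SRC=MY.HOME.IP.ADDR. "
          "DST=X.X.X.X LEN=88 TOS=0x00 PREC=0x00 TTL=56 ID=29505 DF PROTO=TCP "
          "SPT=55520 DPT=22 WINDOW=4096 RES=0x00 ACK PSH")

# Constructed line: a plain SYN, i.e. the opening packet of a connection.
CONSTRUCTED_SYN = ("Jan 20 20:40:00 hostname kernel: IN=eth0 OUT= SRC=192.0.2.10 "
                   "DST=192.0.2.20 LEN=60 PROTO=TCP SPT=55520 DPT=22 "
                   "WINDOW=29200 RES=0x00 SYN URGP=0")

if __name__ == "__main__":
    for name, line in (("posted", POSTED), ("constructed SYN", CONSTRUCTED_SYN)):
        flags = parse_log_flags(line)
        print(name, sorted(flags), "masked:", sorted(flags & MASK),
              "rule matches:", rule_hits(line))
```

This evaluates only the flag test; the `--ctstate NEW` half of the rule is decided by conntrack and is not modelled here.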