iptables; ACK/SYN/etc; understand the bits, and potential firewall entries
I am pretty new to firewalling and have recently been having a bit of good luck in setting up a firewall on a domain I run. I started from a base setup of rules, and have been slowly modifying it for my needs.
Now, I'm curious to know more about the bits used in a TCP header, namely the URG, ACK, PSH, RST, SYN, and FIN bits (Info taken from here).
Some questions I have are:
1. Is SYN always set when accepting a new connection?
2. Will any other bits be set when accepting a new connection?
3. Is RST or FIN always set when ending a connection?
4. Will any other bits be set when ending a connection?
5. Can SYN, RST, or FIN be set in a packet that is neither a new connection, nor an ending connection?
I assume that 1 and 3 are always true, and 5 is always false. Is this correct?
If that is correct, my thinking is that I could set up firewall rules that are something like:
* Accept TCP packet with new connection and SYN.
* Drop TCP packet with new connection and without SYN.
* Accept TCP packet with ending connection and (RST or FIN)
* Drop TCP packet with ending connection and without (RST OR FIN)
Which of course begs the question, is it worth it? Do I gain anything by this? Will this help prevent attacks against my system?
For anyone with any helpful info, I'd sure appreciate your input!
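The rules sketched above, as an added example that is not part of the original post: a Python emulation of the iptables matches involved (`--tcp-flags MASK COMP`, which looks only at the bits in MASK and requires exactly the bits in COMP to be set among them; `--syn`, which the iptables-extensions manual defines as `--tcp-flags SYN,RST,ACK,FIN SYN`; and a deliberately simplified stand-in for conntrack's NEW/ESTABLISHED states) run over a constructed packet trace. The trace shows what a rule writer needs to know: SYN is set on the first packet of a connection but also on the server's SYN/ACK reply, the handshake is completed by an ACK-only packet, an orderly close carries FIN together with ACK, and RST can legitimately appear at any point, so a purely flag-based "this is the end of the connection" rule is not reliable; the stateful match is what actually distinguishes new from established traffic, and the flag checks are only useful for dropping combinations that never occur in real traffic. The endpoint labels, the rule ordering and the conntrack simplification are my own assumptions; the four bogus-combination DROP rules are the commonly used ones, not the script the later PS refers to.

```python
from dataclasses import dataclass

# TCP flag bits as laid out in the header's flags byte (RFC 793 order).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_BITS = {"FIN": FIN, "SYN": SYN, "RST": RST, "PSH": PSH, "ACK": ACK, "URG": URG}


def parse_flags(spec: str) -> int:
    """Parse an iptables flag list ("SYN,ACK", "ALL", "NONE") into a bitmask."""
    spec = spec.upper()
    if spec == "ALL":
        return sum(FLAG_BITS.values())
    if spec == "NONE":
        return 0
    return sum(FLAG_BITS[name] for name in spec.split(","))


def tcp_flags_match(flags: int, mask: str, comp: str) -> bool:
    """Semantics of `--tcp-flags MASK COMP`: examine only the bits in MASK and
    require exactly the bits listed in COMP to be set among them."""
    return (flags & parse_flags(mask)) == parse_flags(comp)


def is_syn(flags: int) -> bool:
    """`--syn` is shorthand for `--tcp-flags SYN,RST,ACK,FIN SYN`."""
    return tcp_flags_match(flags, "SYN,RST,ACK,FIN", "SYN")


def flag_names(flags: int) -> str:
    return ",".join(n for n, b in FLAG_BITS.items() if flags & b) or "NONE"


@dataclass(frozen=True)
class Packet:
    src: str  # constructed endpoint labels, not real addresses
    dst: str
    flags: int


def flow_key(pkt: Packet):
    """Direction-independent flow key; a simplified stand-in for conntrack's tuple lookup."""
    return frozenset((pkt.src, pkt.dst))


# Ordered chain: (iptables rule text, predicate over (flags, state)).
# State is "NEW" (no tracked flow yet) or "ESTABLISHED" (flow already accepted).
RULES = [
    ("-p tcp --tcp-flags ALL NONE -j DROP",            # NULL scan: no bits at all
     lambda f, s: tcp_flags_match(f, "ALL", "NONE")),
    ("-p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP",     # open and close in one packet
     lambda f, s: tcp_flags_match(f, "SYN,FIN", "SYN,FIN")),
    ("-p tcp --tcp-flags SYN,RST SYN,RST -j DROP",     # open and abort in one packet
     lambda f, s: tcp_flags_match(f, "SYN,RST", "SYN,RST")),
    ("-p tcp --tcp-flags ACK,FIN FIN -j DROP",         # FIN without ACK never occurs legitimately
     lambda f, s: tcp_flags_match(f, "ACK,FIN", "FIN")),
    ("-p tcp ! --syn -m state --state NEW -j DROP",    # the OP's "new connection without SYN"
     lambda f, s: s == "NEW" and not is_syn(f)),
    ("-p tcp --syn -m state --state NEW -j ACCEPT",    # the OP's "new connection with SYN"
     lambda f, s: s == "NEW" and is_syn(f)),
    ("-p tcp -m state --state ESTABLISHED -j ACCEPT",  # everything inside a tracked flow
     lambda f, s: s == "ESTABLISHED"),
]


def run_chain(packets):
    """Walk packets through the chain; return [(flag names, state, verdict, rule hit)]."""
    tracked = set()
    results = []
    for pkt in packets:
        state = "ESTABLISHED" if flow_key(pkt) in tracked else "NEW"
        verdict, hit = "DROP", "chain policy DROP"
        for rule, pred in RULES:
            if pred(pkt.flags, state):
                verdict, hit = rule.split()[-1], rule
                break
        if verdict == "ACCEPT":
            tracked.add(flow_key(pkt))
            if pkt.flags & RST:  # an accepted RST tears the tracked flow down
                tracked.discard(flow_key(pkt))
        results.append((flag_names(pkt.flags), state, verdict, hit))
    return results


# Constructed trace: handshake, data, orderly close, an RST, then scanner packets.
TRACE = [
    Packet("client", "server", SYN),         # 1: first packet of a new connection
    Packet("server", "client", SYN | ACK),   # 2: SYN set, yet conntrack already knows the flow
    Packet("client", "server", ACK),         # 3: handshake completes with ACK alone
    Packet("client", "server", PSH | ACK),   # 4: data segment
    Packet("client", "server", FIN | ACK),   # 5: orderly close: FIN travels with ACK
    Packet("server", "client", ACK),
    Packet("server", "client", FIN | ACK),
    Packet("client", "server", ACK),
    Packet("server", "client", RST),         # 9: RST is legal at any point of a connection
    Packet("scanner", "server", 0),          # 10: NULL scan
    Packet("scanner", "server", SYN | FIN),  # 11: impossible combination
    Packet("scanner", "server", ACK),        # 12: ACK with no tracked flow (ACK scan)
    Packet("scanner", "server", FIN),        # 13: FIN scan, FIN without ACK
]

if __name__ == "__main__":
    for names, state, verdict, hit in run_chain(TRACE):
        print(f"{names:8} {state:12} {verdict:7} {hit}")
```

Run as a script it prints one line per packet with the rule that decided it; the point to notice is that the hostile packets 10 through 13 are caught by the flag and state rules while every packet of the normal connection, including the SYN/ACK and the RST, is accepted by the stateful rules alone. In a real ruleset the `--state NEW --syn` ACCEPT would additionally carry `--dport` restrictions for the services you actually expose.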
Re: iptables; ACK/SYN/etc; understand the bits, and potential firewall entries
PS: here's some other checks... they are from a script posted here at LQ... I can't remember who was the original poster for these, though:
I know this thread is older, however I am interested in the syn, ack and other rules in your ip chains.
Does this affect any traffic in the way of slowing down incoming connections?
I put in rate limiting rules to the email ports and they work GREAT, once the limit is reached it blocks malicious traffic.
Any expert advice would be great.