Dropping RST packets with IPFW
I've been reading the IPFW manpage but it is cryptic and hard to understand. I've been trying to create a rule like this:
    iptables -A INPUT -p tcp --dport $CLIENT_PORT# --tcp-flags RST RST -j DROP

Would this be the IPFW equivalent?

    ipfw add 00042 drop tcp from any to any in tcpflags rst src-port $CLIENT_PORT#
That looks correct to me, based on what I read in ipfw(8). Wouldn't it be quicker to test this rule than ask here? :)
(Also, I'm curious why you want to block RST packets.)
I want to drop ISP traffic shaping RST packets. But I think it would be better to block the ISP range than the port; I think I'm setting myself up for trouble, since it would block legit RST packets and I would have to wait for a TCP reconnection. I did test it but there is no difference, which led me to ask if I am doing it correctly.
How did you test? I notice nmap(1) has a --scanflags option to allow you to specify, e.g. a TCP RST flag.
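
Added example (not part of any post in this thread): a Python sketch that applies the port and flag conditions of the two rules from the first post to constructed inbound TCP headers, so the packets each rule selects can be compared offline. The port numbers, the function names and the dst-port variant of the ipfw rule are assumptions made for the illustration.

```python
import struct

RST, SYN, ACK = 0x04, 0x02, 0x10   # bit values in the TCP flags byte
CLIENT_PORT = 51413                # assumed stand-in for $CLIENT_PORT#

def tcp_header(sport, dport, flags):
    """Build a minimal 20-byte TCP header (constructed sample data)."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 0, 0, 0)

def parse(header):
    """Return (source port, destination port, flag bits) of a TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", header[:14])
    return sport, dport, off_flags & 0xFF

def iptables_rule(header, port):
    """-p tcp --dport PORT --tcp-flags RST RST: destination port, RST set."""
    _sport, dport, flags = parse(header)
    return dport == port and bool(flags & RST)

def ipfw_src_rule(header, port):
    """tcp ... tcpflags rst src-port PORT: RST set, source port == PORT."""
    sport, _dport, flags = parse(header)
    return sport == port and bool(flags & RST)

def ipfw_dst_rule(header, port):
    """Hypothetical variant using dst-port PORT instead of src-port."""
    _sport, dport, flags = parse(header)
    return dport == port and bool(flags & RST)

# Constructed inbound segments: name -> header
SAMPLES = {
    "rst_to_client_port": tcp_header(6881, CLIENT_PORT, RST),
    "rst_ack_to_client_port": tcp_header(6881, CLIENT_PORT, RST | ACK),
    "rst_from_same_remote_port": tcp_header(CLIENT_PORT, 40000, RST),
    "syn_to_client_port": tcp_header(6881, CLIENT_PORT, SYN),
}

def compare(samples=SAMPLES, port=CLIENT_PORT):
    """Map each sample to (iptables, ipfw src-port, ipfw dst-port) verdicts."""
    return {name: (iptables_rule(h, port), ipfw_src_rule(h, port),
                   ipfw_dst_rule(h, port)) for name, h in samples.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:28} {verdicts}")
```

An inbound RST addressed to the client port is selected by the --dport condition and by the dst-port variant, while the src-port condition only selects segments whose remote source port equals that number.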