Dropping RST packets with IPFW

Smokey · 04-19-2008, 05:08 AM

I've been reading the IPFW manpage but it is cryptic and hard to understand. I've been trying to create a rule like this:

iptables -A INPUT -p tcp -dport $CLIENT_PORT# -tcp-flags RST RST -j DROP

Would this be the IPFW equivalent?

ipfw add 00042 drop tcp from any to any in tcpflags rst src-port $CLIENT_PORT#

anomie · 04-19-2008, 12:27 PM

That looks correct to me, based on what I read in ipfw(8). Wouldn't it be quicker to test this rule than ask here?

(Also, I'm curious why you want to block RST packets.)

Smokey · 04-19-2008, 12:48 PM

I want to drop ISP traffic shaping RST packets. But I think it would be better to block the ISP range than the port, I think I'm setting myself up for trouble since it would block legit RST packets and I would have to wait for a TCP reconnection. I did test it but there is no difference, which led me to ask if I am doing it correctly?

anomie · 04-19-2008, 02:57 PM

How did you test? I notice nmap(1) has a --scanflags option to allow you to specify, e.g. a TCP RST flag.