Linux - Networking
Website 3:
### 1: Drop invalid packets ###
/sbin/iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP
### 4: Block packets with bogus TCP flags ###
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
Website 2:
iptables -A INPUT -p tcp -m tcp --tcp-flags ALL FIN,PSH,URG -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
Website 1:
# Block port scans
$IPTABLES -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
$IPTABLES -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPTABLES -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
$IPTABLES -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
As you can see, the different websites have slightly different flags for bogus/port-scanning traffic. How do I verify what is actually correct, as I don't want to drop legitimate traffic? Unfortunately, a lot of websites have a lot of obsolete or inaccurate information on iptables. So I am not sure why Website 3 doesn't have all the flags that, say, Website 1 mentions. I have only applied the rules from Website 3, but would like to apply those from the other two websites.
Last edited by dalacor; 03-20-2023 at 10:20 AM.
Reason: Changed focus of topic to just one question
If you are referring to the difference between PREROUTING and INPUT, I get that. Website 3 makes perfect sense to block unwanted traffic at the PREROUTING stage, as these rules are applied before the INPUT and FORWARD rules.
To use an example of what I am actually asking:
Website three's TCP flags are as follows: --tcp-flags FIN,SYN FIN,SYN -j DROP
Whereas Website one's TCP flags are as follows: --tcp-flags SYN,FIN SYN,FIN -j DROP
As you can see, FIN,SYN is reversed to SYN,FIN in each example. What I want to understand is what the difference is between these two sets of flags, for example. I don't know if one of the websites is wrong, or whether both are correct and are blocking a different attack. I want to learn what each set of flags is blocking and whether I have covered all the rules necessary to drop unwanted traffic.
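The following is an added worked example, not code from the thread or from any of the three websites, that answers both of the questions above (whether FIN,SYN and SYN,FIN differ, and whether the Website 3 rules already cover the Website 1 and Website 2 rules). It models the iptables `--tcp-flags MASK COMP` match the way the kernel evaluates it: only the bits named in MASK are examined, and the rule matches when exactly the bits named in COMP are set among them, so `(flags & MASK) == COMP`. The six flag bit values are the standard TCP header bits; the list of "normal traffic" flag combinations is constructed here for the check. The model deliberately ignores the conntrack INVALID rule and the PREROUTING-versus-INPUT placement, which do not change what the flag rules match.

```python
# Added example (not from the thread): a model of the iptables
# "--tcp-flags MASK COMP" match, used to compare the rules quoted from the
# three websites and to check them against ordinary TCP traffic.

# Standard TCP header flag bits (the six names iptables --tcp-flags accepts).
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
         "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def parse_flag_list(spec):
    """Turn an iptables flag list ("SYN,FIN", "ALL", "NONE") into a bitmask.
    Order within the list is irrelevant: the result is a set of bits."""
    spec = spec.strip().upper()
    if spec == "ALL":
        return sum(FLAGS.values())  # 0x3F
    if spec == "NONE":
        return 0
    mask = 0
    for name in spec.split(","):
        mask |= FLAGS[name]
    return mask


def tcp_flags_match(mask_spec, comp_spec, packet_flags):
    """Kernel semantics of --tcp-flags MASK COMP: look only at the MASK bits
    of the packet and match when they equal COMP exactly."""
    mask = parse_flag_list(mask_spec)
    comp = parse_flag_list(comp_spec)
    return (packet_flags & mask) == comp


def rules_equivalent(rule_a, rule_b):
    """Two rules drop exactly the same packets when their parsed MASK and
    COMP bitmasks are equal, whatever order the flags were listed in."""
    return (parse_flag_list(rule_a[0]), parse_flag_list(rule_a[1])) == \
           (parse_flag_list(rule_b[0]), parse_flag_list(rule_b[1]))


# The (MASK, COMP) pairs copied from the rules quoted in the thread.
WEBSITE_RULES = {
    "Website 3": [("FIN,SYN", "FIN,SYN"), ("SYN,RST", "SYN,RST"),
                  ("FIN,RST", "FIN,RST"), ("FIN,ACK", "FIN"),
                  ("ACK,URG", "URG"), ("ACK,PSH", "PSH"), ("ALL", "NONE")],
    "Website 2": [("ALL", "FIN,PSH,URG"), ("SYN,FIN", "SYN,FIN")],
    "Website 1": [("ALL", "ALL"), ("ALL", "FIN,URG,PSH"),
                  ("ALL", "SYN,RST,ACK,FIN,URG"), ("SYN,FIN", "SYN,FIN")],
}


def matching_rules(packet_flags):
    """Every (site, MASK, COMP) rule that would DROP a packet with these flags."""
    return [(site, m, c) for site, rules in WEBSITE_RULES.items()
            for m, c in rules if tcp_flags_match(m, c, packet_flags)]


def dropped_set(site):
    """All 64 possible six-bit flag combinations that a site's rule set drops."""
    return {f for f in range(64)
            if any(tcp_flags_match(m, c, f) for m, c in WEBSITE_RULES[site])}


def not_covered_by(site, reference):
    """Flag combinations that `site` drops but `reference` lets through.
    An empty set means `reference` already covers everything `site` does."""
    return dropped_set(site) - dropped_set(reference)


# Flag combinations that occur in a normal TCP connection (constructed list):
# handshake, data, graceful close and reset.
NORMAL_TRAFFIC = {
    "SYN": FLAGS["SYN"],
    "SYN/ACK": FLAGS["SYN"] | FLAGS["ACK"],
    "ACK": FLAGS["ACK"],
    "PSH/ACK": FLAGS["PSH"] | FLAGS["ACK"],
    "FIN/ACK": FLAGS["FIN"] | FLAGS["ACK"],
    "RST": FLAGS["RST"],
    "RST/ACK": FLAGS["RST"] | FLAGS["ACK"],
}


def normal_traffic_dropped():
    """Names of ordinary packets any of the quoted rules would drop (expect none)."""
    return [name for name, f in NORMAL_TRAFFIC.items() if matching_rules(f)]


if __name__ == "__main__":
    print("FIN,SYN == SYN,FIN:",
          rules_equivalent(("FIN,SYN", "FIN,SYN"), ("SYN,FIN", "SYN,FIN")))
    print("Normal traffic dropped:", normal_traffic_dropped())
    for site in ("Website 1", "Website 2"):
        print(site, "rules not covered by Website 3:",
              not_covered_by(site, "Website 3"))
    print("Website 3 rules not covered by Website 1:",
          sorted(not_covered_by("Website 3", "Website 1")))
```

Run as-is it reports that the two SYN/FIN rules are identical, that none of the quoted rules touches the seven normal flag combinations, and that every combination dropped by Website 1 or Website 2 is already dropped by the Website 3 set (for instance the all-flags and FIN,PSH,URG packets fall under Website 3's FIN,SYN and FIN-without-ACK rules), while Website 3 drops combinations such as the all-zero flag byte that Website 1 does not. Note that iptables cannot name the CWR and ECE bits, so they are outside this model; a real deployment should still be checked with `iptables -t mangle -L PREROUTING -v -n` to confirm the rules and packet counters look as expected.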