I am pretty new to firewalling and have recently been having a bit of good luck in setting up a firewall on a domain I run. I started from a base setup of rules, and have been slowly modifying it for my needs.
Now, I'm curious to know more about the bits used in a TCP header, namely the URG, ACK, PSH, RST, SYN, and FIN bits (info taken from here).
Some questions I have are:
1. Is SYN always set when accepting a new connection?
2. Will any other bits be set when accepting a new connection?
3. Is RST or FIN always set when ending a connection?
4. Will any other bits be set when ending a connection?
5. Can SYN, RST, or FIN be set in a packet that is neither a new connection, nor an ending connection?
I assume that 1 and 3 are always true, and 5 is always false. Is this correct?
If that is correct, my thinking is that I could set up firewall rules that are something like:
* Accept TCP packet with new connection and SYN.
* Drop TCP packet with new connection and without SYN.
* Accept TCP packet with ending connection and (RST or FIN).
* Drop TCP packet with ending connection and without (RST or FIN).
Which of course begs the question, is it worth it? Do I gain anything by this? Will this help prevent attacks against my system?
For anyone with any helpful info, I'd sure appreciate your input!!
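The rule idea from the post above, as an added example that is not part of the original post: a minimal Python flow tracker that reads the flag byte of each TCP header and accepts or drops the packet. The port-pair flow key, the `filter_stream` helper and the sample packets are constructed assumptions; a real stateful firewall keys on the full address and port tuple and also validates sequence numbers.

```python
import struct

# Flag bits in byte 13 of the TCP header.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def tcp_header(sport, dport, flags):
    """Build a 20-byte TCP header (constructed sample; seq/ack/checksum zeroed)."""
    bits = sum(FLAGS[f] for f in flags)
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, bits, 65535, 0, 0)

def parse(header):
    """Return (sport, dport, set of flag names) from a raw TCP header."""
    sport, dport = struct.unpack("!HH", header[:4])
    return sport, dport, {n for n, m in FLAGS.items() if header[13] & m}

def filter_stream(headers):
    """Return a (verdict, flags) pair per packet using a minimal flow table."""
    flows = {}  # frozenset of the two ports -> source ports that have sent FIN
    verdicts = []
    for raw in headers:
        sport, dport, flags = parse(raw)
        key = frozenset((sport, dport))
        if not flags or ("SYN" in flags and flags & {"FIN", "RST"}):
            verdict = "DROP"            # no flags, or SYN combined with FIN/RST
        elif key not in flows:
            # Untracked flow: only a bare SYN may create state.
            verdict = "ACCEPT" if flags == {"SYN"} else "DROP"
            if verdict == "ACCEPT":
                flows[key] = set()
        else:
            verdict = "ACCEPT"
            if "RST" in flags:
                del flows[key]          # a reset removes the flow at once
            elif "FIN" in flags:
                flows[key].add(sport)   # this side has finished sending
            elif len(flows[key]) == 2:
                del flows[key]          # final ACK after both sides sent FIN
        verdicts.append((verdict, sorted(flags)))
    return verdicts

# Constructed sample: handshake, data, teardown, then three packets with no flow.
SAMPLE = [tcp_header(*p) for p in [
    (40000, 443, ["SYN"]), (443, 40000, ["SYN", "ACK"]), (40000, 443, ["ACK"]),
    (40000, 443, ["PSH", "ACK"]), (40000, 443, ["FIN", "ACK"]),
    (443, 40000, ["FIN", "ACK"]), (40000, 443, ["ACK"]),
    (41000, 443, ["ACK"]), (42000, 443, ["SYN", "FIN"]), (40000, 443, ["ACK"])]]

if __name__ == "__main__":
    for verdict, flags in filter_stream(SAMPLE):
        print(f"{verdict:6} {'+'.join(flags)}")
```

In the sample, the second handshake packet carries SYN together with ACK, and both closing packets carry FIN together with ACK, so the verdict depends on the tracked flow state as well as on the flag bits.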