Hi! Thanks for reading my post/question:
I think my eyes are beginning to bleed, I've been recently playing with Iptables - mostly just to get more familiar with them and for fun.
I've been trying my hand at packet filtering, and I put in a rule to match any packets that are not SYN packets but are seen as new connections.
Here are the rules I put in:
iptables -N tcpsyncheck
iptables -A tcpsyncheck -p tcp ! --syn -m state --state NEW -j LOGDROP
iptables -A INPUT -p tcp -j tcpsyncheck
My Policy rules are:
Currently I have one rule that allows web traffic in:
iptables -A INPUT -p tcp --dport 80 -j logaccept
I have LOGDROP logging the bad packets, but when I do an hping2 -c3 -F targethost -p 80, it seems to end up in my accepted area. I know I'm missing something simple, and I have a feeling that my web rule is taking precedence and allowing it in.
Keep in mind this is not a FW config for security, just for me to play with, but I would like to know how to enable port 80 and filter the packets to it that are not initial SYNs.
Thanks for any help in advance!
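Added example, not part of the original post: a small simulation of iptables first-match evaluation that reproduces the symptom above. It assumes the INPUT chain holds the port-80 logaccept rule before the jump to tcpsyncheck (the ordering the post suspects), that logaccept and LOGDROP are terminating targets, and that conntrack reports a lone FIN with no existing connection as NEW (the kernel's default loose TCP pickup); the fix shown is simply putting the tcpsyncheck jump first, e.g. with iptables -I INPUT.

```python
# Minimal model of iptables chain traversal: rules are checked top to bottom,
# the first matching rule decides, and a user-defined chain with no match
# returns to the rule after the jump. Packets and rules are constructed here.

def rule(target, proto=None, dport=None, syn=None, state=None):
    """One rule: every criterion that is set must match the packet."""
    return {"target": target, "proto": proto, "dport": dport, "syn": syn, "state": state}

def matches(r, pkt):
    return all(r[k] is None or r[k] == pkt[k] for k in ("proto", "dport", "syn", "state"))

def walk(chains, chain, pkt):
    """Return the terminating target hit in `chain`, or None if it fell off the end."""
    for r in chains[chain]:
        if not matches(r, pkt):
            continue
        if r["target"] in chains:            # -j into a user-defined chain
            verdict = walk(chains, r["target"], pkt)
            if verdict is not None:
                return verdict
            continue                         # no match there: resume in this chain
        return r["target"]                   # terminating target (logaccept / LOGDROP)
    return None

# iptables -A tcpsyncheck -p tcp ! --syn -m state --state NEW -j LOGDROP
TCPSYNCHECK = [rule("LOGDROP", proto="tcp", syn=False, state="NEW")]

# Assumed original order: the web accept rule sits before the tcpsyncheck jump.
ORIGINAL = {
    "INPUT": [rule("logaccept", proto="tcp", dport=80),
              rule("tcpsyncheck", proto="tcp")],
    "tcpsyncheck": TCPSYNCHECK,
}
# Corrected order: check for bogus "NEW" packets before anything accepts TCP.
REORDERED = {
    "INPUT": [rule("tcpsyncheck", proto="tcp"),
              rule("logaccept", proto="tcp", dport=80)],
    "tcpsyncheck": TCPSYNCHECK,
}

# Constructed packets: the bare FIN that hping2 -F -p 80 sends, and a normal SYN.
FIN_PROBE = {"proto": "tcp", "dport": 80, "syn": False, "state": "NEW"}
SYN_OPEN = {"proto": "tcp", "dport": 80, "syn": True, "state": "NEW"}

def verdict(ruleset, pkt):
    """Final verdict for a packet entering INPUT ('policy' = chain default policy)."""
    return walk(ruleset, "INPUT", pkt) or "policy"

if __name__ == "__main__":
    for name, rs in (("original", ORIGINAL), ("reordered", REORDERED)):
        print(name, "FIN ->", verdict(rs, FIN_PROBE), "| SYN ->", verdict(rs, SYN_OPEN))
```

With the original order the FIN probe is accepted by the web rule and never reaches tcpsyncheck; with the jump placed first it is logged and dropped while a real SYN still reaches logaccept.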
Ip Tables Config Question