Hi! Thanks for reading my post/question:
I think my eyes are beginning to bleed; I've been recently playing with iptables, mostly just to get more familiar with them and for fun.
I've been trying my hand at packet filtering, and I put in a rule to match any packets that are not SYN packets but are seen as new connections.
Here are the rules I put in:
iptables -N tcpsyncheck
iptables -A tcpsyncheck -p tcp ! --syn -m state --state NEW -j LOGDROP
iptables -A INPUT -p tcp -j tcpsyncheck
My Policy rules are:
INPUT DROP
OUTPUT ALLOW
FORWARD DROP
Currently I have one rule that allows web traffic in:
iptables -A INPUT -p tcp --dport 80 -j logaccept
I have LOGDROP logging the bad packets, but when I do an hping2 -c3 -F targethost -p 80 it seems to end up in my accepted area. I know I'm missing something simple, and I have a feeling that my web rule is taking precedence and allowing it in.
Keep in mind this is not a FW config for security, just for me to play with, but I would like to know how to enable port 80 and filter the packets to it that are not initial SYNs.
Thanks for any help in advance!
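As an added example (not the poster's own ruleset), the script below rebuilds the same chains so that the non-SYN/NEW check is appended to INPUT before the port-80 accept rule; since -A appends, the order of the calls is the order iptables evaluates them. The LOGDROP and logaccept chain bodies, the log prefixes and the rate limit are assumptions, as the post does not show them. Setting IPT=echo prints the rules instead of loading them, which is how the ordering can be checked without root.

```shell
#!/bin/sh
# Constructed example: same chains as the post, with the SYN check placed
# ahead of the port-80 accept rule in INPUT.
# IPT can be overridden (IPT=echo) to print the rules instead of loading them.
IPT="${IPT:-iptables}"

build_rules() {
    # Logging chains (assumed bodies): rate-limited LOG, then the verdict.
    $IPT -N LOGDROP
    $IPT -A LOGDROP -m limit --limit 5/min -j LOG --log-prefix "IPT DROP: "
    $IPT -A LOGDROP -j DROP
    $IPT -N logaccept
    $IPT -A logaccept -m limit --limit 5/min -j LOG --log-prefix "IPT ACCEPT: "
    $IPT -A logaccept -j ACCEPT

    # The check from the post: a TCP packet without SYN set (--syn is shorthand
    # for --tcp-flags SYN,RST,ACK,FIN SYN) that conntrack still classes as NEW
    # is not a legitimate connection start, e.g. a bare FIN from hping2 -F.
    $IPT -N tcpsyncheck
    $IPT -A tcpsyncheck -p tcp ! --syn -m state --state NEW -j LOGDROP

    # Order matters: screen every TCP packet first, then allow port 80.
    # If these two lines are swapped, the web rule accepts the packet before
    # tcpsyncheck is ever consulted.
    $IPT -A INPUT -p tcp -j tcpsyncheck
    $IPT -A INPUT -p tcp --dport 80 -j logaccept
}

# Print the 1-based position in INPUT of the first rule containing $1,
# using the echo mode so nothing is loaded into the kernel.
input_rule_position() {
    (IPT=echo; build_rules) | grep -- '-A INPUT' | grep -n -F -- "$1" | head -n1 | cut -d: -f1
}

# Apply for real only when explicitly asked: sh thisscript.sh apply
if [ "${1:-}" = "apply" ]; then
    build_rules
fi
```

Running `IPT=echo sh thisscript.sh apply` shows the rules in evaluation order; `iptables -L INPUT -n --line-numbers` shows the same order once loaded. `-m state --state NEW` is the legacy spelling of `-m conntrack --ctstate NEW`; both work on current kernels.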
Ip Tables Config Question, started by Gigantor, Aug 21 2012 05:04 PM