Gentoo Forums
Bad TCP Flags[Solved ?]
Matteo Azzali
Retired Dev


Joined: 23 Sep 2004
Posts: 1133

Posted: Wed Sep 28, 2005 11:01 am    Post subject: Bad TCP Flags[Solved ?]

Since I filtered out some bad TCP flags known on the net
Code:

ALL NONE
FIN,ACK FIN
ACK,PSH PSH
ACK,URG URG
SYN,FIN SYN,FIN
SYN,RST SYN,RST
FIN,RST FIN,RST
ALL FIN,PSH,URG


I'm getting a lot of dropped packets, something like:
Code:

Sep 28 13:03:14 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Sep 28 13:03:14 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=35437 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=50 RES=0x00 ACK URGP=0
Sep 28 13:03:14 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=35437 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=50 RES=0x00 ACK URGP=0
Sep 28 13:03:14 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=35438 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=50 RES=0x00 ACK URGP=0
Sep 28 13:03:14 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=35438 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=50 RES=0x00 ACK URGP=0
Sep 28 13:03:14 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=35439 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=50 RES=0x00 ACK URGP=0
Sep 28 13:03:14 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=35439 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=50 RES=0x00 ACK URGP=0
Sep 28 13:03:14 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=35440 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=50 RES=0x00 ACK PSH URGP=0
Sep 28 13:03:15 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=35444 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=50 RES=0x00 ACK URGP=0
Sep 28 13:03:18 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=35447 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=62 RES=0x00 ACK URGP=0
Sep 28 13:03:18 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=35447 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=62 RES=0x00 ACK URGP=0
Sep 28 13:03:19 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=35448 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=72 RES=0x00 ACK URGP=0
Sep 28 13:03:19 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=35448 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=72 RES=0x00 ACK URGP=0
Sep 28 13:03:19 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=35449 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=72 RES=0x00 ACK URGP=0
Sep 28 13:03:19 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=35449 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=72 RES=0x00 ACK URGP=0
Sep 28 13:03:19 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=35450 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=72 RES=0x00 ACK URGP=0
Sep 28 13:03:19 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=35450 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=72 RES=0x00 ACK URGP=0
Sep 28 13:03:19 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=35451 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=72 RES=0x00 ACK URGP=0
Sep 28 13:03:19 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=35451 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=72 RES=0x00 ACK URGP=0
Sep 28 13:03:20 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=35455 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=72 RES=0x00 ACK URGP=0
Sep 28 13:03:20 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=35488 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=72 RES=0x00 ACK URGP=0
Sep 28 13:03:25 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=35502 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=72 RES=0x00 ACK FIN URGP=0
Sep 28 13:03:25 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=35502 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=72 RES=0x00 ACK FIN URGP=0
Sep 28 13:03:26 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=35503 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=72 RES=0x00 ACK URGP=0
Sep 28 13:03:26 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=35503 DF PROTO=TCP SPT=80 DPT=56804 WINDOW=72 RES=0x00 ACK URGP=0
Sep 28 13:03:34 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=80 DPT=56805 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Sep 28 13:03:34 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=80 DPT=56805 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Sep 28 13:03:34 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=25630 DF PROTO=TCP SPT=80 DPT=56805 WINDOW=51 RES=0x00 ACK URGP=0
Sep 28 13:03:34 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=25630 DF PROTO=TCP SPT=80 DPT=56805 WINDOW=51 RES=0x00 ACK URGP=0
Sep 28 13:03:34 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=25631 DF PROTO=TCP SPT=80 DPT=56805 WINDOW=51 RES=0x00 ACK URGP=0
Sep 28 13:03:34 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=25631 DF PROTO=TCP SPT=80 DPT=56805 WINDOW=51 RES=0x00 ACK URGP=0
Sep 28 13:03:34 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=25632 DF PROTO=TCP SPT=80 DPT=56805 WINDOW=51 RES=0x00 ACK URGP=0
Sep 28 13:03:34 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=25632 DF PROTO=TCP SPT=80 DPT=56805 WINDOW=51 RES=0x00 ACK URGP=0
Sep 28 13:03:35 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=25633 DF PROTO=TCP SPT=80 DPT=56805 WINDOW=51 RES=0x00 ACK PSH URGP=0
Sep 28 13:03:35 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=25633 DF PROTO=TCP SPT=80 DPT=56805 WINDOW=51 RES=0x00 ACK PSH URGP=0
Sep 28 13:03:35 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=25637 DF PROTO=TCP SPT=80 DPT=56805 WINDOW=51 RES=0x00 ACK URGP=0
Sep 28 13:03:35 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=25637 DF PROTO=TCP SPT=80 DPT=56805 WINDOW=51 RES=0x00 ACK URGP=0
Sep 28 13:03:36 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=25673 DF PROTO=TCP SPT=80 DPT=56805 WINDOW=61 RES=0x00 ACK URGP=0
Sep 28 13:03:36 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=25673 DF PROTO=TCP SPT=80 DPT=56805 WINDOW=61 RES=0x00 ACK URGP=0
Sep 28 13:03:37 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=32286 DF PROTO=TCP SPT=80 DPT=56806 WINDOW=79 RES=0x00 ACK URGP=0
Sep 28 13:03:37 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=32286 DF PROTO=TCP SPT=80 DPT=56806 WINDOW=79 RES=0x00 ACK URGP=0
Sep 28 13:03:38 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=25684 DF PROTO=TCP SPT=80 DPT=56805 WINDOW=88 RES=0x00 ACK URGP=0
Sep 28 13:03:38 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=1472 TOS=0x00 PREC=0x00 TTL=53 ID=25684 DF PROTO=TCP SPT=80 DPT=56805 WINDOW=88 RES=0x00 ACK URGP=0
Sep 28 13:03:43 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=32288 DF PROTO=TCP SPT=80 DPT=56806 WINDOW=79 RES=0x00 ACK FIN URGP=0
Sep 28 13:03:43 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=32288 DF PROTO=TCP SPT=80 DPT=56806 WINDOW=79 RES=0x00 ACK FIN URGP=0
Sep 28 13:03:56 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=80 DPT=56806 WINDOW=79 RES=0x00 ACK URGP=0
Sep 28 13:03:56 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=140.211.166.170 DST=192.168.1.56 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=80 DPT=56806 WINDOW=79 RES=0x00 ACK URGP=0
Sep 28 13:05:06 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=66.249.93.104 DST=192.168.1.56 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=64920 PROTO=TCP SPT=80 DPT=52389 WINDOW=8190 RES=0x00 ACK FIN URGP=0
Sep 28 13:05:06 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=66.249.93.104 DST=192.168.1.56 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=64920 PROTO=TCP SPT=80 DPT=52389 WINDOW=8190 RES=0x00 ACK FIN URGP=0
Sep 28 13:05:06 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=66.249.93.104 DST=192.168.1.56 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=53148 PROTO=TCP SPT=80 DPT=52388 WINDOW=8190 RES=0x00 ACK FIN URGP=0
Sep 28 13:05:06 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=66.249.93.104 DST=192.168.1.56 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=53148 PROTO=TCP SPT=80 DPT=52388 WINDOW=8190 RES=0x00 ACK FIN URGP=0
Sep 28 13:05:11 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=66.249.93.104 DST=192.168.1.56 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=58008 PROTO=TCP SPT=80 DPT=52388 WINDOW=8190 RES=0x00 ACK URGP=0
Sep 28 13:05:11 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=66.249.93.104 DST=192.168.1.56 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=58008 PROTO=TCP SPT=80 DPT=52388 WINDOW=8190 RES=0x00 ACK URGP=0
Sep 28 13:05:11 KillerBee KMF:AS:IN=eth0 OUT= MAC=0000 SRC=66.249.93.104 DST=192.168.1.56 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=46233 PROTO=TCP SPT=80 DPT=52389 WINDOW=8190 RES=0x00 ACK URGP=0
Sep 28 13:05:11 KillerBee KMF:FLAG:IN=eth0 OUT= MAC=0000 SRC=66.249.93.104 DST=192.168.1.56 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=46233 PROTO=TCP SPT=80 DPT=52389 WINDOW=8190 RES=0x00 ACK URGP=0

(KMF:FLAG: tcp flags, KMF:AS:antispoofing: (--source 127.0.0.0/8 --in-interface ! lo) )
Is there something wrong in my filters, or has the web gone so wild??
_________________
Every day a new distro comes to birth. Every day a distro "eats" another.
If you're born distro, no matter what, start to run.
---- http://www.linuxprinting.org/ ---- http://tuxmobil.org/


Last edited by Matteo Azzali on Wed Sep 28, 2005 3:33 pm; edited 1 time in total
frostschutz
Advocate


Joined: 22 Feb 2005
Posts: 2977
Location: Germany

Posted: Wed Sep 28, 2005 11:40 am    Post subject: Re: Bad TCP Flags

Matteo Azzali wrote:
Is there something wrong in my filters, or has the web gone so wild??


No... you think!?
Matteo Azzali
Retired Dev


Joined: 23 Sep 2004
Posts: 1133

Posted: Wed Sep 28, 2005 11:55 am    Post subject:

Well, some of these IP addresses are from Google and from Asus.....
I re-checked my rules according to http://www.knowplace.org/netfilter/ip_overview.html
and http://www.nufw.org/docs/howto.html and I can't see where I'm wrong
(also, I don't know the meaning of URGP=0 ..... is this URG or not? If not, iptables is wrongly
recognizing that as URG....)
_________________
Every day a new distro comes to birth. Every day a distro "eats" another.
If you're born distro, no matter what, start to run.
---- http://www.linuxprinting.org/ ---- http://tuxmobil.org/
Matteo Azzali
Retired Dev


Joined: 23 Sep 2004
Posts: 1133

Posted: Wed Sep 28, 2005 12:18 pm    Post subject:

OK, maybe I need to do some more work:
man iptables:
Quote:

--tcp-flags [!] mask comp
Match when the TCP flags are as specified. The first argument is the flags which we should examine, written as a comma-separated list, and the second argument is a comma-separated list of flags which must be set. Flags are: SYN ACK FIN RST URG PSH ALL NONE. Hence the command
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN
will only match packets with the SYN flag set, and the ACK, FIN and RST flags unset.

_________________
Every day a new distro comes to birth. Every day a distro "eats" another.
If you're born distro, no matter what, start to run.
---- http://www.linuxprinting.org/ ---- http://tuxmobil.org/
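
The mask/comp semantics quoted from the man page above, applied to the eight flag pairs and the LOG line format from the first post. This is an added example, not part of the original thread; the function names are illustrative and the shortened log lines are constructed.

```python
import re

ALL = {"FIN", "SYN", "RST", "PSH", "ACK", "URG"}

# (mask, comp) pairs exactly as listed in the first post.
RULES = [
    ("ALL", "NONE"), ("FIN,ACK", "FIN"), ("ACK,PSH", "PSH"), ("ACK,URG", "URG"),
    ("SYN,FIN", "SYN,FIN"), ("SYN,RST", "SYN,RST"), ("FIN,RST", "FIN,RST"),
    ("ALL", "FIN,PSH,URG"),
]

def parse_flag_list(text):
    """Turn an iptables flag list ('SYN,ACK', 'ALL', 'NONE') into a set."""
    if text == "ALL":
        return set(ALL)
    if text == "NONE":
        return set()
    flags = set(text.split(","))
    unknown = flags - ALL
    if unknown:
        raise ValueError(f"unknown TCP flag(s): {sorted(unknown)}")
    return flags

def tcp_flags_match(mask, comp, packet_flags):
    """--tcp-flags mask comp: of the flags in mask, exactly those in comp are set."""
    return (packet_flags & parse_flag_list(mask)) == parse_flag_list(comp)

# The LOG target prints the set flags between RES=0x.. and URGP=<n>.
# URGP is the urgent-pointer field; the flag itself is printed as "URG".
LOG_FLAGS = re.compile(r"RES=0x[0-9a-fA-F]+ (.*?)\s*URGP=\d+")

def flags_from_log(line):
    """Extract the set of TCP flags from one iptables LOG line."""
    m = LOG_FLAGS.search(line)
    if m is None:
        raise ValueError("no TCP flag field in log line")
    return set(m.group(1).split()) & ALL

def matching_rules(line):
    """Return every (mask, comp) pair from RULES that the logged packet matches."""
    flags = flags_from_log(line)
    return [(m, c) for m, c in RULES if tcp_flags_match(m, c, flags)]

# Constructed samples: the first four reuse flag fields seen in the posted
# log (other fields shortened); the last three are synthetic.
SAMPLES = [
    "PROTO=TCP SPT=80 DPT=56804 WINDOW=5792 RES=0x00 ACK SYN URGP=0",
    "PROTO=TCP SPT=80 DPT=56804 WINDOW=50 RES=0x00 ACK URGP=0",
    "PROTO=TCP SPT=80 DPT=56804 WINDOW=50 RES=0x00 ACK PSH URGP=0",
    "PROTO=TCP SPT=80 DPT=56804 WINDOW=72 RES=0x00 ACK FIN URGP=0",
    "PROTO=TCP SPT=4000 DPT=22 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0",
    "PROTO=TCP SPT=4000 DPT=22 WINDOW=1024 RES=0x00 SYN FIN URGP=0",
    "PROTO=TCP SPT=4000 DPT=22 WINDOW=1024 RES=0x00 URGP=0",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(sorted(flags_from_log(line)), "->", matching_rules(line))
```

Under these semantics none of the ACK, ACK SYN, ACK PSH or ACK FIN combinations seen in the posted log matches any of the eight pairs, while the synthetic FIN/PSH/URG, SYN/FIN and no-flag packets do.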
Matteo Azzali
Retired Dev


Joined: 23 Sep 2004
Posts: 1133

Posted: Wed Sep 28, 2005 3:30 pm    Post subject:

OK, I've finished my workstation firewall, should work fine and drop almost
all types of "bad" packets (important chain for this topic is TCP_CHECK):
Code:

iptables -L
Chain ANTISPOOF (1 references)
target     prot opt source               destination
LOG        all  --  loopback/8           anywhere            LOG level warning prefix `KMF:AS2:'
DROP       all  --  loopback/8           anywhere
RETURN     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            limit: avg 1/sec burst 5 LOG level warning prefix `KMF:AS:'

Chain ICMP_FILTER (1 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere            icmp host-unreachable
ACCEPT     icmp --  anywhere             anywhere            icmp network-unreachable
LOG        all  --  anywhere             anywhere            limit: avg 1/sec burst 5 LOG level warning prefix `KMF:ICMP:'
DROP       all  --  anywhere             anywhere

Chain INPUT (policy DROP)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere            tcp flags:SYN,ACK/SYN,ACK state NEW reject-with tcp-reset
REJECT     tcp  --  anywhere             anywhere            tcp flags:!SYN,RST,ACK/SYN state NEW reject-with tcp-reset
DROP       all  --  anywhere             anywhere            state INVALID
ICMP_FILTER  icmp --  anywhere             anywhere
ANTISPOOF  all  --  anywhere             anywhere
TCP_CHECKS  tcp  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.1.254        anywhere
REJECT     all  --  192.1.168.0/24       anywhere            reject-with icmp-port-unreachable
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request limit: avg 5/min burst 5
ACCEPT     all  --  anywhere             localhost
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     udp  --  anywhere             anywhere            udp spt:domain
LOG        all  --  anywhere             anywhere            limit: avg 1/sec burst 5 LOG level warning prefix `KMF: '

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain LOCAL_LANS (0 references)
target     prot opt source               destination
ACCEPT     all  --  192.168.1.0/24       anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  localhost            anywhere
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            multiport dports http,http-alt,https
ACCEPT     tcp  --  anywhere             anywhere            multiport ports smtp,pop3,pop3s,585,imap
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:5190
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:x11
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:rsync
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:nicname
LOG        all  --  anywhere             anywhere            limit: avg 1/sec burst 5 LOG level warning prefix `KMF:'

Chain TCP_CHECKS (1 references)
target     prot opt source               destination
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE LOG level warning prefix `KMF:TCP1:'
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
RETURN     tcp  --  anywhere             anywhere            tcp flags:FIN,ACK/FIN state ESTABLISHED
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,ACK/FIN LOG level warning ip-options prefix `KMF:TCP2:'
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,ACK/FIN
LOG        tcp  --  anywhere             anywhere            tcp flags:PSH,ACK/PSH LOG level warning prefix `KMF:TCP3:'
DROP       tcp  --  anywhere             anywhere            tcp flags:PSH,ACK/PSH
LOG        tcp  --  anywhere             anywhere            tcp flags:ACK,URG/URG LOG level warning prefix `KMF:TCP4:'
DROP       tcp  --  anywhere             anywhere            tcp flags:ACK,URG/URG
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN/FIN,SYN LOG level warning prefix `KMF:TCP5:'
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN/FIN,SYN
LOG        tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN,RST LOG level warning prefix `KMF:TCP6:'
DROP       tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN,RST
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,RST/FIN,RST LOG level warning prefix `KMF:TCP7:'
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,RST/FIN,RST
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG LOG level warning prefix `KMF:TCP8:'
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
RETURN     all  --  anywhere             anywhere

Chain VPNs (0 references)
target     prot opt source               destination


The script is the result from kmyfirewall; please feel free to criticize, suggest, comment.
_________________
Every day a new distro comes to birth. Every day a distro "eats" another.
If you're born distro, no matter what, start to run.
---- http://www.linuxprinting.org/ ---- http://tuxmobil.org/
All times are GMT