handle different TCP Flags


by Brent Clark-2


To whom it may concern

In my quest to understand TCP/IP and iptables more, I've been researching on Google and the netfilter mailing list, to come up with some
rules to handle different TCP flags.

If possible would someone please overlook / proofread my ruleset and please share some comment / criticism.

I would be most grateful.

Kind Regards
Brent Clark

# Assumed setup (not shown in the original post): $IPT points at the iptables binary
IPT=${IPT:-/sbin/iptables}

# Limit 12 connections per second (burst to 24)
# Note: -m limit keeps one global counter for this rule, not one per source address
$IPT -N syn-flood
$IPT -A syn-flood -m limit --limit 12/s --limit-burst 24 -j RETURN
$IPT -A syn-flood -j LOG --log-level info --log-prefix '#### Syn Flood ####'
$IPT -A syn-flood -j DROP

# Chain for TCP packets with suspicious flag combinations
# --tcp-flags MASK COMP: of the flags listed in MASK, exactly those in COMP must be set
$IPT -N bad_tcp_packets
# NEW packets that are not a plain SYN (--syn is shorthand for --tcp-flags SYN,RST,ACK,FIN SYN)
$IPT -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "New not syn:"
$IPT -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
# Disabled: RST-only packets are normal TCP traffic, so this would drop legitimate resets
###$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 5/m -j LOG --log-level info --log-prefix '#### Stealth Scan ####'
###$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j DROP
# XMAS scan: only FIN, URG and PSH set
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL FIN,URG,PSH -m limit --limit 5/m -j LOG --log-level info --log-prefix '#### XMAS Scan ####'
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
# NULL scan: no flags set at all
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL NONE -m limit --limit 5/m -j LOG --log-level info --log-prefix '#### NULL Scan ####'
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL NONE -j DROP
# SYN and RST set together (never valid)
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 5/m -j LOG --log-level info --log-prefix '#### SYN/RST Scan ####'
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
# SYN and FIN set together (never valid)
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 5/m -j LOG --log-level info --log-prefix '#### SYN/FIN Scan ####'
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
# SYN/ACK that does not belong to a known connection: answer with a reset
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -m limit --limit 5/m -j LOG --log-level info --log-prefix '#### SYN/ACK Scan ####'
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset

# Traffic belonging to existing connections is accepted before any flag checks
$IPT -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Checking for naughty packets
$IPT -A FORWARD -p tcp --syn -j syn-flood

$IPT -A FORWARD -p tcp -j bad_tcp_packets
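Added example (not part of Brent's post): a small Python model of the iptables `--tcp-flags MASK COMP` match, used to walk constructed packets through the bad_tcp_packets chain above in the same rule order. The conntrack state ("NEW", "INVALID", ...) is passed in as a plain label, because how conntrack classifies a given packet is outside this model; the rule names and the `walk_chain` helper are mine, not iptables API.

```python
# Model of iptables "--tcp-flags MASK COMP" matching, applied to the
# bad_tcp_packets chain from the post above. Constructed example; the
# conntrack state of each packet is supplied by the caller as a label.

FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL = 0x3F  # every flag iptables lets you name in --tcp-flags


def parse(spec):
    """Turn a flag list such as 'SYN,ACK', or the words ALL / NONE, into a bitmask."""
    if spec == "ALL":
        return ALL
    if spec == "NONE":
        return 0
    return sum(FLAGS[name] for name in spec.split(","))


def tcp_flags_match(pkt_flags, mask, comp):
    """iptables semantics: of the flags in MASK, exactly those in COMP must be set."""
    return (pkt_flags & parse(mask)) == parse(comp)


def is_syn(pkt_flags):
    """--syn is shorthand for --tcp-flags SYN,RST,ACK,FIN SYN."""
    return tcp_flags_match(pkt_flags, "SYN,RST,ACK,FIN", "SYN")


# The chain from the post, in order: (log prefix, match predicate, verdict).
# Each predicate takes (flags bitmask, conntrack state label).
BAD_TCP_PACKETS = [
    ("New not syn", lambda f, s: s == "NEW" and not is_syn(f), "DROP"),
    ("XMAS Scan", lambda f, s: tcp_flags_match(f, "ALL", "FIN,URG,PSH"), "DROP"),
    ("NULL Scan", lambda f, s: tcp_flags_match(f, "ALL", "NONE"), "DROP"),
    ("SYN/RST Scan", lambda f, s: tcp_flags_match(f, "SYN,RST", "SYN,RST"), "DROP"),
    ("SYN/FIN Scan", lambda f, s: tcp_flags_match(f, "SYN,FIN", "SYN,FIN"), "DROP"),
    ("SYN/ACK Scan", lambda f, s: s == "NEW" and tcp_flags_match(f, "SYN,ACK", "SYN,ACK"), "REJECT"),
]


def walk_chain(pkt_flags, state):
    """Return (log prefix, verdict) of the first matching rule, or (None, 'RETURN')."""
    for prefix, match, verdict in BAD_TCP_PACKETS:
        if match(pkt_flags, state):
            return prefix, verdict
    return None, "RETURN"


def run_samples():
    """Constructed packets: (flag list, conntrack label) -> which rule catches them."""
    samples = [
        ("SYN", "NEW"),             # ordinary connection attempt
        ("NONE", "NEW"),            # NULL scan, tagged NEW by conntrack
        ("NONE", "INVALID"),        # NULL scan, tagged INVALID by conntrack
        ("FIN,URG,PSH", "INVALID"), # XMAS scan
        ("SYN,FIN", "INVALID"),     # SYN/FIN
        ("SYN,ACK", "NEW"),         # unsolicited SYN/ACK
    ]
    return {(f, s): walk_chain(parse(f), s) for f, s in samples}


if __name__ == "__main__":
    for (flags, state), (prefix, verdict) in run_samples().items():
        print(f"{flags:<12} {state:<8} -> {verdict:<7} {prefix or ''}")
```

Running the samples shows what the rule order does: any NEW packet that is not a plain SYN is caught by the first rule, so the NULL, XMAS, SYN/FIN and SYN/RST rules only get to log their own prefix when conntrack labels the packet something other than NEW, and the SYN/ACK REJECT rule, which itself requires NEW, is never reached at all. If the per-scan log prefixes matter to you, the specific flag rules need to sit before the generic "New not syn" rule.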