Problem with iptables tcp-flags

From: Martin Schneider (martinschneidermail_at_yahoo.de)
Date: 04/29/05


Date: 29 Apr 2005 03:07:26 -0700

I want an iptables rule to match if for example URG or/and PSH or/and
ACK control flags are set and don't care if FIN, SYN, ... flags are set or
not.

How do you do that with
--tcp-flags [!] mask comp

It should go easier than this:
--tcp-flags URG,PSH,ACK URG or --tcp-flags URG,PSH,ACK PSH or
--tcp-flags URG,PSH,ACK ACK or --tcp-flags URG,PSH,ACK URG,PSH ... and
so on ???
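
An added example, not part of the original post: a small Python model of the `--tcp-flags [!] mask comp` test, showing that the single inverted rule `--tcp-flags ! URG,PSH,ACK NONE` matches exactly the same packets as the seven enumerated rules above. The function names are hypothetical, and the `(flags & mask) == comp` model is taken from the documented meaning of the option; newer iptables releases write the `!` before `--tcp-flags`.

```python
from itertools import combinations

# TCP header flag bits (RFC 793 order, low bit first).
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def bits(names):
    """Turn a comma-separated flag list ('URG,PSH', 'ALL', 'NONE') into a bitmask."""
    if names == "NONE":
        return 0
    if names == "ALL":
        return sum(FLAGS.values())
    value = 0
    for name in names.split(","):
        value |= FLAGS[name]
    return value

def tcp_flags_match(pkt_flags, mask, comp, invert=False):
    """Model of --tcp-flags [!] mask comp: examine only the flags in mask;
    match when exactly the flags in comp are set among them."""
    hit = (pkt_flags & bits(mask)) == bits(comp)
    return hit != invert

def enumerated_match(pkt_flags):
    """The approach from the post: one rule per non-empty subset of URG,PSH,ACK."""
    wanted = ["URG", "PSH", "ACK"]
    for size in range(1, len(wanted) + 1):
        for subset in combinations(wanted, size):
            if tcp_flags_match(pkt_flags, "URG,PSH,ACK", ",".join(subset)):
                return True
    return False

def single_rule_match(pkt_flags):
    """One rule: --tcp-flags ! URG,PSH,ACK NONE (at least one of the three set)."""
    return tcp_flags_match(pkt_flags, "URG,PSH,ACK", "NONE", invert=True)

def rules_agree():
    """Compare both approaches over all 64 combinations of the six flags."""
    return all(enumerated_match(f) == single_rule_match(f) for f in range(64))

if __name__ == "__main__":
    # Constructed sample packets, given as flag lists.
    print("equivalent:", rules_agree())
    print("SYN only:", single_rule_match(bits("SYN")))
    print("SYN+ACK:", single_rule_match(bits("SYN,ACK")))
```

Because FIN, SYN and RST are left out of the mask, their state never affects the result, which is the "don't care" behaviour asked for.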


