iptables: accepting SYN --> connection ESTABLISHED
Robert Brockway
robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at public.gmane.org
Thu Oct 9 05:53:02 UTC 2003
On Wed, 8 Oct 2003, William Park wrote:
> > I would avoid accepting an arbitrary packet with the TCP SYN bit set.
>
> Yes, I only do this for port 25. I first accept SYN packet, but drop
> all subsequent packets. But, I also allow ESTABLISHED connections in
> general. So, having accepted SYN packet, the SMTP connection is now
> established. Hence, every mail comes through. :-(
Hi William. You'd need to allow ACK through as well as SYN or the
connection would never get to the established state (where the ESTABLISHED
rule would take over).

Cheers,
Rob
--
Robert Brockway B.Sc. email: robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at public.gmane.org, zzbrock at uqconnect.net
Linux counter project ID #16440 (http://counter.li.org)
"The earth is but one country and mankind its citizens" -Baha'u'llah
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
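
A toy model of first-match rule evaluation with connection tracking, added here as an example and not part of the original message, showing the behaviour William describes: once the port 25 SYN is accepted and the server replies, later packets match the general ESTABLISHED rule. The rule sets, packet trace, addresses and all names are constructed from his description; the model assumes netfilter's definition of ESTABLISHED (packets seen in both directions) and an OUTPUT chain that accepts everything.

```python
# Toy model of first-match filtering with connection tracking.
# Rules and packets are constructed from the thread, not a real firewall.
from collections import namedtuple

Packet = namedtuple("Packet", "direction src dst dport flags")

def run(rules, packets):
    """Return (flags, conntrack state, verdict) for each packet in order."""
    table, results = {}, []
    for p in packets:
        key = frozenset((p.src, p.dst))
        entry = table.get(key) or {"orig": p.direction, "replied": False}
        if p.direction != entry["orig"]:
            entry["replied"] = True          # traffic seen in both directions
        state = "ESTABLISHED" if entry["replied"] else "NEW"
        if p.direction == "out":
            verdict = "ACCEPT"               # assumption: OUTPUT accepts all
        else:                                # INPUT: first match wins
            verdict = next((v for m, v in rules if m(p, state)), "DROP")
        if verdict == "ACCEPT":
            table[key] = entry               # only accepted flows are tracked
        results.append((p.flags, state, verdict))
    return results

ESTABLISHED = (lambda p, s: s == "ESTABLISHED", "ACCEPT")
SMTP_SYN = (lambda p, s: p.dport == 25 and p.flags == "SYN", "ACCEPT")
SMTP_REST = (lambda p, s: p.dport == 25, "DROP")

AS_DESCRIBED = [ESTABLISHED, SMTP_SYN, SMTP_REST]
REORDERED = [SMTP_SYN, SMTP_REST, ESTABLISHED]   # hypothetical variant

C, S = "192.0.2.10", "198.51.100.5"              # documentation addresses
TRACE = [
    Packet("in", C, S, 25, "SYN"),
    Packet("out", S, C, 40000, "SYN,ACK"),
    Packet("in", C, S, 25, "ACK"),
    Packet("in", C, S, 25, "PSH,ACK"),
]

def verdicts(rules):
    return [v for _, _, v in run(rules, TRACE)]

if __name__ == "__main__":
    for name, rules in (("as described", AS_DESCRIBED), ("reordered", REORDERED)):
        for row in run(rules, TRACE):
            print(name, *row)
```

In the reordered variant the port 25 drop is evaluated before the general ESTABLISHED accept, so the packets after the handshake's first two steps are dropped.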