I'm just a rookie in learning Linux and computer networking. Previously, I downloaded the tutorial somewhere from the forum, and there is something I wish to ask. Part1: $IPT ...
- 09-04-2005 #1
- Join Date
- Sep 2005
Some Iptables Problems, Please Help :)
$IPT -N allow-ssh-input
$IPT -F allow-ssh-input
$IPT -A allow-ssh-input -m limit --limit 1/second -p tcp --tcp-flags ALL RST --dport 22 -j ACCEPT
$IPT -A allow-ssh-input -m limit --limit 1/second -p tcp --tcp-flags ALL FIN --dport 22 -j ACCEPT
$IPT -A allow-ssh-input -m limit --limit 1/second -p tcp --tcp-flags ALL SYN --dport 22 -j ACCEPT
$IPT -A allow-ssh-input -m state --state ESTABLISHED,RELATED -p tcp --dport 22 -j ACCEPT
$IPT -A INPUT -j allow-ssh-input
I know that there are 6 types of flags in TCP, namely URG, ACK, PSH, RST, SYN, FIN ... What I wish to ask is:
1. Why does ssh only need to consider the latter 3 flags? (I notice the same goes for ftpd requests.)
2. What does the time limit indicate? limit 1s .. can we set another time? Could it be possible that one of the reasons for setting it to 1s is to avoid certain attacks?
echo "2" > /proc/sys/net/ipv4/conf/all/rp_filter
echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
If I'm not wrong, we echo 0 or 1 to set the parameter if we want it on or off, right? Then how about 2?
Lastly, thanks for reading this, and I would highly appreciate your help. Thanks.
From a rookie, ERIC
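
An added example, not part of the original post or of the tutorial it quotes: a small Python model of how the `--tcp-flags ALL SYN` and `-m limit --limit 1/second` matches in the third rule behave on a burst of packets. The names `tcp_flags_match`, `Limit` and `run_syn_rule` and the sample packets are constructed for illustration; the burst of 5 is the default `--limit-burst` of the iptables limit match.

```python
# Added illustration: a model of two iptables matches, not iptables itself.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL = sum(FLAGS.values())  # the mask that "--tcp-flags ALL ..." examines


def bits(names):
    """Turn a comma-separated flag list such as 'SYN,ACK' into a bitmask."""
    return sum(FLAGS[n] for n in names.split(",") if n)


def tcp_flags_match(packet_flags, mask, comp):
    """--tcp-flags mask comp: of the flags in mask, exactly those in comp are set."""
    return (bits(packet_flags) & mask) == bits(comp)


class Limit:
    """-m limit --limit <rate>/second [--limit-burst N], modelled as a token bucket."""

    def __init__(self, per_second=1.0, burst=5):  # 5 is the default burst
        self.rate, self.burst = per_second, burst
        self.tokens, self.last = float(burst), 0.0

    def match(self, now):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0  # every match spends one token
            return True
        return False


def run_syn_rule(packets):
    """Apply the 'ALL SYN' rule to (time, flags) pairs and return one verdict each.

    Assumption of this model: the bucket is charged only for packets whose
    flags already matched. 'no match' means the packet moves on to the next rule.
    """
    limit, verdicts = Limit(1.0), []
    for now, flags in packets:
        hit = tcp_flags_match(flags, ALL, "SYN") and limit.match(now)
        verdicts.append("ACCEPT" if hit else "no match")
    return verdicts


# Constructed input: 7 SYNs at the same instant, a SYN/ACK, then a SYN 2 s later.
SAMPLE = [(0.0, "SYN")] * 7 + [(0.5, "SYN,ACK"), (2.0, "SYN")]
if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run_syn_rule(SAMPLE)):
        print(pkt, verdict)
```

In this model the first five SYNs are accepted from the initial burst, the next two are not matched, the SYN/ACK never matches `ALL SYN`, and the SYN arriving two seconds later is accepted again once the bucket has refilled.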