I was checking out this link:
http://www.k-state.edu/its/security/...pt_Handout.pdf
There's a line that says:
Code:
iptables -A Log-N-Drop -p tcp -m tcp --tcp-flags FIN,ACK FIN -j LOG --log-prefix "Denied FIN SCAN: "
This is part of the Log-N-Drop chain that is made up of several similar statements.
First of all, I'd like to know what's the difference between --tcp-flags FIN FIN and --tcp-flags FIN,ACK FIN?
Then, there's this:
Code:
iptables -A Log-N-Drop -p tcp -m tcp --tcp-flags ALL NONE -j DROP
Which says that all tcp packets form the Log-N-Drop chain that have NO tcp flags set should be dropped.
Of course, there's a bigger context there in the link, but I'd like to take it step by step. How should I interpret this last iptables line? Why should it be necessary? I guess, in this case, it should make sense to drop all packets that have no flags set, right, 'cause they would be invalid? Any valid tcp flag should have at least one flag set, or am I wrong?
The fuller the feedback, the better