Rules don't Work
Isamp
isamp@terra.com.br
Fri, 5 Oct 2001 13:15:56 -0300
Yes, I have this line.
My rules are:
DEBUG_IPTABLES()
{
cmd="$IPTABLES_CMD $*"
$cmd &>/dev/null || echo "FAILED: $cmd ERRNO: $?"
}
export IPTABLES_CMD="iptables"
IPTABLES="DEBUG_IPTABLES"
LOG_LEVEL="notice"
:
:
$IPTABLES -N CHECK_FLAGS; $IPTABLES -F CHECK_FLAGS
$IPTABLES -A CHECK_FLAGS -p tcp --tcp-flags ALL FIN,URG,PSH -m limit --limit 5/minute -j LOG --log-level $LOG_LEVEL --log-prefix "NMAP-XMAS:"
$IPTABLES -A CHECK_FLAGS -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPTABLES -A CHECK_FLAGS -p tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 5/minute -j LOG --log-level $LOG_LEVEL --log-prefix "SYN/RST:"
$IPTABLES -A CHECK_FLAGS -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPTABLES -A CHECK_FLAGS -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 5/minute -j LOG --log-level $LOG_LEVEL --log-prefix "SYN/FIN:"
$IPTABLES -A CHECK_FLAGS -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
:
:
When I execute this script, iptables doesn't accept the rules above.
-- Isamp
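
The DEBUG_IPTABLES wrapper in the message sends both stdout and stderr of iptables to /dev/null, so the text explaining why a rule was rejected is never shown. The following is an added example, not part of the original message: a wrapper that captures stderr and passes arguments through unsplit. IPTABLES_CMD is the name used in the message; run_rule and the sample prefix "BAD FLAGS: " are hypothetical.

```shell
#!/bin/sh
# Added example. IPTABLES_CMD is the variable name from the message;
# run_rule is a hypothetical name introduced here.
IPTABLES_CMD="${IPTABLES_CMD:-iptables}"

run_rule() {
    # "$@" hands every argument to the command as its own word, so a quoted
    # value such as --log-prefix "BAD FLAGS: " is not split on its space.
    # Redirection order matters: 2>&1 first points stderr at the capture,
    # then >/dev/null discards stdout only.
    if _err=$("$IPTABLES_CMD" "$@" 2>&1 >/dev/null); then
        return 0
    else
        _status=$?
    fi
    # Report the exit status together with the command's own error text.
    printf 'FAILED (exit %s): %s %s\n  %s\n' \
        "$_status" "$IPTABLES_CMD" "$*" "$_err"
    return "$_status"
}

# Usage in the rule script (run as root):
#   run_rule -N CHECK_FLAGS
#   run_rule -A CHECK_FLAGS -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
```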