From: Geoff
Subject: Closed ports and connection tracking
Date: Fri, 21 Jan 2005 16:13:33 +0000
OK, I am taking baby-steps in trying to get a better understanding of protocols and firewalls. At present it is more important that I learn than that I get a "recipe".
Say I want to block new tcp connections from the outside. I create filter rules:
# default for anything no rule accepts: silently drop
iptables -P INPUT DROP
# first TCP packet of a connection nobody asked for: send back a refusal
iptables -A INPUT --proto tcp -m state --state NEW -j REJECT
# TCP packets belonging to (or related to) a tracked connection: let in
iptables -A INPUT --proto tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
I see some dropped packets which are a result of my [SYN] receiving a [RST,ACK] response - which I believe (am I wrong?) means that the port is closed.
Presumably, therefore, [RST,ACK] does not create an ESTABLISHED state even though packets have travelled in both directions, albeit not giving rise to a transfer of any payload(?)
Presumably also, my application should receive the [RST,ACK] so that it will know that the port is closed and stop pestering the host(?) The DROP is therefore inappropriate?
If the above is right, what rule would achieve my object?
Geoff
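The following is an added example, not code from the post or from netfilter: a small Python model of how conntrack labels a TCP packet for `-m state` (first packet creating an entry is NEW, any packet in the reply direction of an existing entry is ESTABLISHED, a packet matching no entry and not opening one is INVALID), including the kernel TCP tracker's rule that an RST arriving as the only reply tears the entry down at once. The addresses and ports are constructed, and the model leaves out sequence-number checks and mid-stream pickup. It then pushes each packet through the INPUT rules quoted above to show which rule a [RST,ACK] answer to our own [SYN] would hit, compared with an unsolicited [SYN] and a stray [RST].

```python
"""
Simplified model of conntrack's -m state labels and the INPUT chain from the post.
Added example; not netfilter code. Ignores sequence/window checks and mid-stream pickup.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # e.g. frozenset({"SYN"}) or frozenset({"RST", "ACK"})

    def key(self):
        return (self.src, self.sport, self.dst, self.dport)

    def reply_key(self):
        return (self.dst, self.dport, self.src, self.sport)


@dataclass
class Entry:
    seen_reply: bool = False  # set once a valid reply-direction packet is seen


class Conntrack:
    """Entries are keyed by the tuple of the packet that created them."""

    def __init__(self):
        self.entries = {}

    def classify(self, p: Pkt) -> str:
        k, rk = p.key(), p.reply_key()
        if rk in self.entries:
            # Reply direction of a known entry: labelled ESTABLISHED even when it
            # is the very first packet coming back.
            entry = self.entries[rk]
            if "RST" in p.flags and not entry.seen_reply:
                # Only reply is a RST: the TCP tracker deletes the entry straight away,
                # so nothing lingers for a closed port.
                del self.entries[rk]
            else:
                entry.seen_reply = True
            return "ESTABLISHED"
        if k in self.entries:
            # Same direction as the creating packet (e.g. a SYN retransmit):
            # still NEW until a reply has been seen.
            return "ESTABLISHED" if self.entries[k].seen_reply else "NEW"
        if p.flags == frozenset({"SYN"}):
            self.entries[k] = Entry()  # a bare SYN opens a new entry
            return "NEW"
        return "INVALID"  # no entry and not a connection opener


def input_verdict(state: str) -> str:
    """The INPUT chain from the post: policy DROP, NEW -> REJECT, ESTABLISHED/RELATED -> ACCEPT."""
    if state == "NEW":
        return "REJECT"
    if state in ("ESTABLISHED", "RELATED"):
        return "ACCEPT"
    return "DROP"  # chain policy


def run_scenario():
    """Constructed traffic: we (10.0.0.2) probe a closed port on 198.51.100.7,
    an outside host tries to open a connection to us, and a stray RST arrives."""
    ct = Conntrack()
    me, peer = "10.0.0.2", "198.51.100.7"
    results = []

    # 1. Our SYN leaves via OUTPUT (not covered by the INPUT rules); conntrack creates the entry.
    syn_out = Pkt(me, 40000, peer, 25, frozenset({"SYN"}))
    results.append(("our SYN (OUTPUT)", ct.classify(syn_out), "n/a"))

    # 2. The closed port answers RST,ACK: reply direction of that entry.
    rst_in = Pkt(peer, 25, me, 40000, frozenset({"RST", "ACK"}))
    s = ct.classify(rst_in)
    results.append(("RST,ACK reply (INPUT)", s, input_verdict(s)))

    # 3. The entry was torn down, so a fresh SYN from us counts as NEW again.
    results.append(("our SYN retry (OUTPUT)", ct.classify(syn_out), "n/a"))

    # 4. Unsolicited SYN from outside to our port 22.
    syn_in = Pkt(peer, 51000, me, 22, frozenset({"SYN"}))
    s = ct.classify(syn_in)
    results.append(("outside SYN (INPUT)", s, input_verdict(s)))

    # 5. RST that matches no entry at all.
    stray = Pkt(peer, 60000, me, 40001, frozenset({"RST"}))
    s = ct.classify(stray)
    results.append(("stray RST (INPUT)", s, input_verdict(s)))
    return results


if __name__ == "__main__":
    for label, state, verdict in run_scenario():
        print(f"{label:24} state={state:12} verdict={verdict}")
```

In this model the [RST,ACK] reply is a reply-direction packet of the entry our [SYN] created, so it carries the ESTABLISHED label and reaches the ACCEPT rule; the entry is then discarded, which is why a retried [SYN] starts over as NEW. Packets that never hit any rule, such as a [RST] with no matching entry, fall through to the chain policy and are dropped without a refusal being sent, which is where a LOG rule just before the end of the chain is useful to see exactly which packets the policy is eating.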