* Michael Neumann;
Hi all,
I use iptables as a firewall on my local machine to filter any incoming ^^^^^^^^^^^ filtered. I have tried with DENY and REJECT but got the same report.
DENY is now DROP. The below is from the SENTRY Firewall CD:

$IPTABLES -N CHECK_FLAGS
$IPTABLES -F CHECK_FLAGS

##------------------------------------------------------------------------##
## NMAP FIN/URG/PSH
$IPTABLES -A CHECK_FLAGS -p tcp --tcp-flags ALL FIN,URG,PSH -m limit \
    --limit 5/minute -j LOG --log-level $LOG_LEVEL --log-prefix "NMAP-XMAS:"
$IPTABLES -A CHECK_FLAGS -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
##------------------------------------------------------------------------##

##------------------------------------------------------------------------##
## SYN/RST
$IPTABLES -A CHECK_FLAGS -p tcp --tcp-flags SYN,RST SYN,RST -m limit \
    --limit 5/minute -j LOG --log-level $LOG_LEVEL --log-prefix "SYN/RST:"
$IPTABLES -A CHECK_FLAGS -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
##------------------------------------------------------------------------##

##------------------------------------------------------------------------##
## SYN/FIN -- Scan(probably)
$IPTABLES -A CHECK_FLAGS -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit \
    --limit 5/minute -j LOG --log-level $LOG_LEVEL --log-prefix "SYN/FIN:"
$IPTABLES -A CHECK_FLAGS -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
##------------------------------------------------------------------------##

##------------------------------------------------------------------------##
## Make some types of port scans annoyingly slow, also provides some
## protection against certain DoS attacks. The rule in chain KEEP_STATE
## referring to the INVALID state should catch most TCP packets with the
## RST or FIN bits set that aren't associated with an established connection.
## Still, these will limit the amount of stuff that is accepted through our
## open ports (if any). I suggest you test these for your configuration before
## you uncomment them, as they could cause problems.
# $IPTABLES -A CHECK_FLAGS -m limit --limit 5/second -p tcp --tcp-flags ALL RST -j ACCEPT
# $IPTABLES -A CHECK_FLAGS -m limit --limit 5/second -p tcp --tcp-flags ALL FIN -j ACCEPT
# $IPTABLES -A CHECK_FLAGS -m limit --limit 5/second -p tcp --tcp-flags ALL SYN -j ACCEPT
##------------------------------------------------------------------------##

--
Togan Muftuoglu
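For readers unsure how the `--tcp-flags MASK COMP` match in the rules above is evaluated, here is a small Python model (an added example, not part of the post or of the SENTRY Firewall CD) of the three DROP rules of the CHECK_FLAGS chain, run over constructed flag combinations. The LOG rules are left out because they are non-terminating and do not change the verdict; the flag names and verdict strings are this example's own.

```python
# Added example: model of iptables' "--tcp-flags MASK COMP" evaluated over the
# DROP rules of the CHECK_FLAGS chain quoted in the post.

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
             "ACK": 0x10, "URG": 0x20}
ALL = sum(TCP_FLAGS.values())   # iptables' ALL = FIN,SYN,RST,PSH,ACK,URG


def flag_bits(spec: str) -> int:
    """Turn an iptables flag list such as 'SYN,RST' (or ALL / NONE) into a bitmask."""
    if spec == "ALL":
        return ALL
    if spec == "NONE":
        return 0
    return sum(TCP_FLAGS[f] for f in spec.split(","))


def tcp_flags_match(packet_flags: int, mask: str, comp: str) -> bool:
    """--tcp-flags MASK COMP: look only at the MASK bits and match when exactly
    the COMP bits are set among them (every other masked bit must be clear)."""
    return (packet_flags & flag_bits(mask)) == flag_bits(comp)


# The chain's DROP rules, in order, as (mask, comp, label).
CHECK_FLAGS = [
    ("ALL", "FIN,URG,PSH", "NMAP-XMAS"),
    ("SYN,RST", "SYN,RST", "SYN/RST"),
    ("SYN,FIN", "SYN,FIN", "SYN/FIN"),
]


def check_flags_verdict(packet_flags: int) -> str:
    """Walk the chain in order: the first matching rule DROPs, else RETURN."""
    for mask, comp, label in CHECK_FLAGS:
        if tcp_flags_match(packet_flags, mask, comp):
            return f"DROP ({label})"
    return "RETURN"


if __name__ == "__main__":
    # Constructed sample flag sets, not captured traffic.
    samples = {
        "FIN,URG,PSH": flag_bits("FIN,URG,PSH"),          # exact XMAS set -> DROP
        "FIN,URG,PSH,ACK": flag_bits("FIN,URG,PSH,ACK"),  # ALL mask sees ACK -> no match
        "SYN,RST,ACK": flag_bits("SYN,RST,ACK"),          # mask SYN,RST ignores ACK -> DROP
        "SYN,FIN": flag_bits("SYN,FIN"),
        "SYN": flag_bits("SYN"),                          # ordinary connect -> RETURN
    }
    for name, bits in samples.items():
        print(f"{name:16s} -> {check_flags_verdict(bits)}")
```

The second sample shows why `ALL` as the mask makes the XMAS rule strict: a packet carrying the three flags plus ACK is not matched, while the `SYN,RST` mask only inspects those two bits and so still catches SYN+RST+ACK.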