
Tuesday, August 23, 2005

iptables --tcp-option ! 2

I keep seeing this in firewall scripts on the net, but I am unable to find an explanation or listing/table of
tcp-options.
The command in question is the following:

iptables -A INPUT -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset

Why are [we] only allowing tcp-options of 2? What are tcp packets with option 2? What are the other options, and why
do we not want them?

I'm sure it's safe, and likely a good idea to have in, given the number of tutorials that have it in, but I just dislike
the idea of having something in my to-be firewall script that I have little understanding of.

Thanks in advance!
-rp
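
An added example, not part of the original post: a small Python model of how the options area of a TCP header is walked and which packets the rule above matches. TCP option kind 2 is the Maximum Segment Size option, which is normally carried only in SYN segments; the sample headers are constructed and the function names are hypothetical.

```python
import struct

SYN, ACK = 0x02, 0x10

def make_header(flags, options=b""):
    """Build a constructed 20-byte TCP header plus options (sample values only)."""
    options += b"\x00" * (-len(options) % 4)   # pad with EOL to a 32-bit boundary
    offset = (20 + len(options)) // 4          # data offset, in 32-bit words
    return struct.pack("!HHIIBBHHH", 40000, 22, 1, 0,
                       offset << 4, flags, 65535, 0, 0) + options

def option_kinds(header):
    """Return the option kinds found in a raw TCP header, in order."""
    end = (header[12] >> 4) * 4                # header length from data offset
    if end < 20 or end > len(header):
        raise ValueError("bad data offset")
    kinds, i = [], 20
    while i < end:
        kind = header[i]
        if kind == 0:                          # End of Option List
            break
        if kind == 1:                          # NOP is a single byte
            kinds.append(kind)
            i += 1
            continue
        if i + 1 >= end or header[i + 1] < 2 or i + header[i + 1] > end:
            raise ValueError("malformed option")
        kinds.append(kind)
        i += header[i + 1]                     # skip kind, length and data
    return kinds

def rule_matches(header):
    """Model of '--tcp-option ! 2': true when option kind 2 (MSS) is absent."""
    return 2 not in option_kinds(header)

# Constructed sample headers, not captured traffic.
SAMPLES = {
    "syn_with_mss": make_header(SYN, b"\x02\x04\x05\xb4\x04\x02\x01\x03\x03\x07"),
    "syn_no_options": make_header(SYN),
    "ack_with_timestamps": make_header(ACK, b"\x01\x01\x08\x0a" + bytes(8)),
}

if __name__ == "__main__":
    for name, hdr in SAMPLES.items():
        verdict = "REJECT" if rule_matches(hdr) else "falls through"
        print(f"{name}: options={option_kinds(hdr)} -> {verdict}")
```

Because the rule as written has no SYN or connection-state condition, the third sample (an ordinary ACK carrying only timestamps) matches it as well, so where the rule sits relative to any rule accepting established traffic decides what it actually rejects.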

