Problem with iptables tcp-flags

I want a iptables rule to match if for example URG or/and PSH or/and
ACK controlflag are set and dont care if FIN, SYN,.. flags are set or
not.

How do you do that with
--tcp-flags [!] mask comp

It should go easier than this:
--tcp-flags URG,PSH,ACK URG or --tcp-flags URG,PSH,ACK PSH or
--tcp-flags URG,PSH,ACK ACK or --tcp-flags URG,PSH,ACK URG,PSH ... and
so on ???

Martin Schneider wrote:

> I want a iptables rule to match if for example URG or/and PSH or/and
> ACK controlflag are set and dont care if FIN, SYN,.. flags are set or
> not.
>
> How do you do that with
> --tcp-flags [!] mask comp
>
> It should go easier than this:
> --tcp-flags URG,PSH,ACK URG or --tcp-flags URG,PSH,ACK PSH or
> --tcp-flags URG,PSH,ACK ACK or --tcp-flags URG,PSH,ACK URG,PSH ... and
> so on ???

man iptables:

"...Flags are: SYN ACK FIN RST URG PSH ALL
NONE..."

So: --tcp-flags ALL PSH will do what you want.

And again, being polite on newsgroups usually help to have answers !

--
Vincent Jaussaud, Kelkoo.com IT Architect
---
When I say the magic word to all these people, they will vanish forever.
I will then say the magic words to you, and you, too, will vanish -- never
to be seen again.
-- Kurt Vonnegut Jr., "Between Time and Timbuktu"

Martin Schneider <(E-Mail Removed)> wrote:

> I want a iptables rule to match if for example URG or/and PSH or/and
> ACK controlflag are set and dont care if FIN, SYN,.. flags are set or
> not.

--tcp-flags ! URG,PSH,ACK NONE

--
»When pings go wrong (It hurts me too)« E.Clapton/E.James/P.Tscharn