Problem with iptables tcp-flags

Discussion in 'Linux Networking' started by Martin Schneider, Apr 29, 2005.

  1. I want an iptables rule to match if, for example, the URG and/or PSH and/or
    ACK control flags are set, and don't care if the FIN, SYN, ... flags are set or
    not.

    How do you do that with
    --tcp-flags [!] mask comp

    It should go easier than this:
    --tcp-flags URG,PSH,ACK URG or --tcp-flags URG,PSH,ACK PSH or
    --tcp-flags URG,PSH,ACK ACK or --tcp-flags URG,PSH,ACK URG,PSH ... and
    so on ???
     
    Martin Schneider, Apr 29, 2005
    #1

  2. man iptables:

    "...Flags are: SYN ACK FIN RST URG PSH ALL
    NONE..."

    So: --tcp-flags ALL PSH will do what you want.

    And again, being polite on newsgroups usually helps to have answers!
     
    Vincent Jaussaud, Apr 29, 2005
    #2

  3. --tcp-flags ! URG,PSH,ACK NONE
     
    Horst Knobloch, Apr 29, 2005
    #3
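
Added example (not part of the thread and not iptables code): a small Python model of how `--tcp-flags [!] mask comp` decides a match, run over all 64 combinations of the six flags to compare the rules suggested above with the goal stated in the first post. The function names and the bit-level model are assumptions made for illustration.

```python
from itertools import combinations

# TCP control-flag bits; ALL covers these six, NONE is the empty set.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL = 0x3F

def bits(spec):
    """Convert 'URG,PSH,ACK', 'ALL' or 'NONE' to a bitmask."""
    if spec in ("ALL", "NONE"):
        return ALL if spec == "ALL" else 0
    value = 0
    for name in spec.split(","):
        value |= FLAGS[name]
    return value

def tcp_flags_match(pkt, mask, comp, invert=False):
    """Model of '--tcp-flags [!] mask comp': look only at the mask bits and
    require that exactly the comp bits are set; '!' inverts the result."""
    return ((pkt & bits(mask)) == bits(comp)) != invert

def wanted(pkt):
    """Goal from the first post: URG and/or PSH and/or ACK set, rest ignored."""
    return bool(pkt & bits("URG,PSH,ACK"))

def mismatches(mask, comp, invert=False):
    """Flag bytes (0..63) on which the rule and the goal disagree."""
    return [p for p in range(ALL + 1)
            if tcp_flags_match(p, mask, comp, invert) != wanted(p)]

def enumerated_rules_match(pkt):
    """The first post's approach: one rule per non-empty subset of URG,PSH,ACK."""
    trio = ["URG", "PSH", "ACK"]
    subsets = [",".join(c) for n in (1, 2, 3) for c in combinations(trio, n)]
    return any(tcp_flags_match(pkt, "URG,PSH,ACK", comp) for comp in subsets)

if __name__ == "__main__":
    for label, args in [("ALL PSH", ("ALL", "PSH")),
                        ("! URG,PSH,ACK NONE", ("URG,PSH,ACK", "NONE", True))]:
        n = len(mismatches(*args))
        print(f"--tcp-flags {label}: {n} of 64 flag combinations differ from the goal")
    same = all(enumerated_rules_match(p) == wanted(p) for p in range(ALL + 1))
    print("seven enumerated rules equal the goal:", same)
```

Current iptables releases expect the negation in front of the option, i.e. `! --tcp-flags URG,PSH,ACK NONE`.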