I have the following two rules in iptables:
Code:
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "INVFLAGS: "
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
This was previously achieved by using:
Code:
! --syn -j DROP
I connected through ssh to the server that has these rules, and all of a sudden I saw this in /var/log/messages:
Code:
Jan 20 20:42:56 hostname kernel: INVFLAGS: IN=eth0 OUT= MAC=de:51:b9:2f:f5:e5:00:19:56:29:3f:7f:08:00 SRC=MY.HOME.IP.ADDR DST=X.X.X.X LEN=88 TOS=0x00 PREC=0x00 TTL=56 ID=29505 DF PROTO=TCP SPT=55520 DPT=22 WINDOW=4096 RES=0x00 ACK PSH URGP=0
So my computer was sending what one would consider packets with invalid flags. Why is this happening?
I'm also seeing the ACK PSH flags there, and I'm not sure how I should interpret them.
The thing is, my ssh connection works perfectly, so I'm not sure what is being dropped and why this is happening.
Any thoughts? Thanks
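As an added example (not part of the original post), the Python script below pulls the TCP flag words out of a netfilter LOG line like the one above and evaluates the `! --tcp-flags FIN,SYN,RST,ACK SYN` test the way the iptables tcp match does, namely `(flags & MASK) == COMP`, then inverted. It also checks that `! --syn` is the same test. The sample log lines are constructed for this example (addresses from the RFC 5737 documentation ranges), and all function names are the example's own.

```python
import re

# TCP header flag bits (RFC 793); iptables' tcp match works on these same bits.
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

# The netfilter LOG target prints the set flags as bare words between RES=... and URGP=...
_FLAGS_RE = re.compile(r"\bRES=0x[0-9A-Fa-f]+\s+(?P<flags>(?:[A-Z]{3}\s+)*)URGP=")


def parse_log_flags(log_line):
    """Return the set of TCP flag names in a kernel LOG line, e.g. {'ACK', 'PSH'}."""
    m = _FLAGS_RE.search(log_line)
    if m is None:
        raise ValueError("no TCP flag field found (not a PROTO=TCP LOG line?)")
    # CWR/ECE may also be printed; keep only the six flags --tcp-flags understands.
    return {tok for tok in m.group("flags").split() if tok in TCP_FLAGS}


def to_bits(names):
    bits = 0
    for name in names:
        bits |= TCP_FLAGS[name]
    return bits


def tcp_flags_match(flags, mask, comp, invert=False):
    """Emulate iptables '-m tcp [!] --tcp-flags MASK COMP'.

    The packet matches when (flags & MASK) == COMP; a leading '!' inverts the result.
    """
    matched = (to_bits(flags) & to_bits(mask)) == to_bits(comp)
    return matched != invert


def syn_match(flags, invert=False):
    """iptables '[!] --syn' is shorthand for '[!] --tcp-flags SYN,RST,ACK,FIN SYN'."""
    return tcp_flags_match(flags, ("SYN", "RST", "ACK", "FIN"), ("SYN",), invert)


# The flag test from the rule in the post: -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN
RULE_MASK = ("FIN", "SYN", "RST", "ACK")
RULE_COMP = ("SYN",)


def invflags_rule_matches(log_line):
    """True if the tcp-flags part of the INVFLAGS rule matches the logged packet.

    The '-m conntrack --ctstate NEW' part cannot be judged from the LOG line alone;
    the line only exists because conntrack already classified the packet as NEW.
    """
    return tcp_flags_match(parse_log_flags(log_line), RULE_MASK, RULE_COMP, invert=True)


# Constructed sample lines modelled on the one in the post (hypothetical addresses).
LOGGED_ACK_PSH = (
    "Jan 20 20:42:56 hostname kernel: INVFLAGS: IN=eth0 OUT= "
    "MAC=de:51:b9:2f:f5:e5:00:19:56:29:3f:7f:08:00 SRC=203.0.113.10 DST=198.51.100.5 "
    "LEN=88 TOS=0x00 PREC=0x00 TTL=56 ID=29505 DF PROTO=TCP SPT=55520 DPT=22 "
    "WINDOW=4096 RES=0x00 ACK PSH URGP=0"
)
PLAIN_SYN = LOGGED_ACK_PSH.replace("RES=0x00 ACK PSH URGP=0", "RES=0x00 SYN URGP=0")
SYN_ACK = LOGGED_ACK_PSH.replace("RES=0x00 ACK PSH URGP=0", "RES=0x00 ACK SYN URGP=0")

if __name__ == "__main__":
    for name, line in (("ACK PSH", LOGGED_ACK_PSH), ("SYN", PLAIN_SYN), ("SYN/ACK", SYN_ACK)):
        flags = parse_log_flags(line)
        print(f"{name:8} flags={sorted(flags)}  ! --tcp-flags: {invflags_rule_matches(line)}"
              f"  ! --syn: {syn_match(flags, invert=True)}")
```

For the ACK PSH line the flag test returns True: every segment that is not a bare SYN matches, including the SYN/ACK and the data segments of a perfectly healthy connection, which is why the rule is restricted to `--ctstate NEW`. The logged entry therefore means conntrack classified that mid-stream data segment as NEW, which it does when it holds no entry for the flow at that moment (the default `nf_conntrack_tcp_loose=1` lets it pick up an established connection mid-stream rather than marking the packet INVALID). The LOG line itself cannot show why the entry was missing.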