iptables一直有个问题没怎么搞得太清楚。

发布于 2022-07-25 09:45:21 字数 1205 浏览 16 评论 2

--syn:

[!] --syn
            Only  match TCP packets with the SYN bit set and the ACK,RST and
            FIN bits cleared.  Such packets are used to request TCP  connec-
            tion initiation; for example, blocking such packets coming in an
            interface will prevent incoming TCP  connections,  but  outgoing
            TCP  connections will be unaffected.  It is equivalent to --tcp-
            flags  SYN,RST,ACK,FIN  SYN. If  the  "!"  flag  precedes  the
            "--syn", the sense of the option is inverted.

请问一下，具体哪些场合会将[!]--syn加入到匹配条件中去呢?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

最初的梦 2022-07-26 19:06:48

嗯。多谢kenduest。其实大概的知道，就是写的规则比较少，所以没有太清楚具体的事情。谢谢。

--state state
            Where  state  is a comma separated list of the connection states
            to match.  Possible states are INVALID meaning that  the  packet
            could  not  be identified for some reason which includes running
            out of memory and ICMP errors  which  don’t  correspond  to  any
            known connection, ESTABLISHED meaning that the packet is associ-
            ated with a connection which has seen  packets  in  both  direc-
            tions, NEW meaning that the packet has started a new connection,
            or otherwise associated with a connection  which  has  not  seen
            packets  in both directions, and RELATED meaning that the packet
            is starting a new connection, but is associated with an existing
            connection, such as an FTP data transfer, or an ICMP error.

还是用-m state算了。

回复收藏 0