
I have a requirement where I am getting parameters to set in iptables as below:

Rate Limit = 1/sec

Source port = 5432

Source IP = 203.0.113.0

Protocol = tcp

TCP flags = &syn!=syn

iptables -A PRIO_IN -p tcp -s 203.0.113.0 --sport 5432 -j ACCEPT --tcp-flags " "

How do I pass the TCP flags input parameter on the command line?

What is the meaning of &syn!=syn ?

  • & syn != syn means that the syn flag is cleared, as in != syn means that "any case but only the syn flag is set". Probably both --tcp-flags SYN NONE and ! --tcp-flags SYN SYN are equivalent to & syn != syn. Commented Dec 5, 2023 at 12:26
  • Thanks for the comment. But when I check with ChatGPT I am getting !=syn as ! --tcp-flags SYN SYN. And &syn!= syn as --tcp-flags SYN SYN -m u32 --u32 "!(12 & 0x2C=0x2C)". Commented Dec 6, 2023 at 5:04
  • Well, I can't explain for an answer for a robot. Ask the robot to explain / assure you that its answer is correct, maybe. What I can offer is, you can read the iptables-extensions man page and get to know what "bit masking" means. The equivalent of tcp flags != syn should be ! --tcp-flags ALL SYN. (I can't guarantee that nftables devs won't get it wrong when they implement it either though. Sometimes they might even choose to stick with bad/wrong stuff since they think correcting it "would violate existing assumption".) Commented Dec 6, 2023 at 6:14
  • My advice is, believe in semantics and experiment for actual behavior if really paranoid (certainly you'll need to be capable enough), and ask on the netfilter mailing list in a smart way if necessary instead of asking a robot that is known to be immature. Commented Dec 6, 2023 at 6:15
  • Yes, AFAICT, they are equivalent to each other. Commented Dec 6, 2023 at 10:11
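As an added example, not code from the question or the commenters: a small POSIX sh script that turns a flag spec written in the question's notation (`&syn!=syn`, `!=syn`) into iptables `--tcp-flags` arguments and assembles the full rule. `--tcp-flags MASK COMP` examines only the bits in MASK and matches when exactly the bits in COMP are set, so `&syn!=syn` maps to `! --tcp-flags SYN SYN` (SYN must be clear), which for a single-flag mask is the same as `--tcp-flags SYN NONE`, and a spec with no `&mask` is compared against `ALL`, giving `! --tcp-flags ALL SYN`. The spec grammar (`[&MASK]OP COMP`, comma-separated flag names) is an assumption of this script, and the rate limit uses the standard `-m limit --limit` match. The script prints the command rather than running it, so it can be checked without root.

```shell
#!/bin/sh
# Added example (not from the original question): translate a flag spec such as
# "&syn!=syn" into iptables --tcp-flags arguments and assemble the full rule.
# Assumed spec grammar: [&MASK]OP COMP, OP is "=" or "!=", flag names are
# comma-separated and case-insensitive (syn, ack, fin, rst, urg, psh, all, none).

# Upper-case a flag list so it matches the spelling iptables expects.
upcase() {
    printf '%s' "$1" | tr '[:lower:]' '[:upper:]'
}

# Print the --tcp-flags clause for one spec.
# --tcp-flags MASK COMP matches when (flags & MASK) == COMP, so:
#   "&syn!=syn" -> "! --tcp-flags SYN SYN"  (SYN bit must be clear;
#                   for a single-flag mask this equals --tcp-flags SYN NONE)
#   "!=syn"     -> "! --tcp-flags ALL SYN"  (anything but a bare SYN)
tcp_flags_args() {
    spec=$1
    mask=ALL
    case $spec in
        "&"*)
            rest=${spec#"&"}
            mask_raw=${rest%%[=!]*}      # text before the first = or !
            mask=$(upcase "$mask_raw")
            spec=${rest#"$mask_raw"}     # operator plus comparison flags
            ;;
    esac
    case $spec in
        !=*) printf '%s' "! --tcp-flags $mask $(upcase "${spec#!=}")" ;;
        =*)  printf '%s' "--tcp-flags $mask $(upcase "${spec#=}")" ;;
        *)   printf 'bad tcp flag spec: %s\n' "$1" >&2; return 1 ;;
    esac
}

# Assemble the whole rule. Chain, address and port values come from the
# question; the limit match is the standard iptables "limit" module.
# The tcp match options must follow "-p tcp", which loads that match.
build_rule() {
    chain=$1 proto=$2 src=$3 sport=$4 rate=$5 flagspec=$6
    flags=$(tcp_flags_args "$flagspec") || return 1
    printf 'iptables -A %s -p %s -s %s --sport %s %s -m limit --limit %s -j ACCEPT\n' \
        "$chain" "$proto" "$src" "$sport" "$flags" "$rate"
}

# Print the command for the parameters given in the question.
build_rule PRIO_IN tcp 203.0.113.0 5432 1/sec '&syn!=syn'
```

Running it prints `iptables -A PRIO_IN -p tcp -s 203.0.113.0 --sport 5432 ! --tcp-flags SYN SYN -m limit --limit 1/sec -j ACCEPT`; once the output looks right, pipe it into `sh` as root or paste it into the rule set. Multi-flag masks such as `&syn,ack=syn` are passed through as `--tcp-flags SYN,ACK SYN`, which is the form the iptables-extensions man page documents.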

