[Shorewall-newbies] tcpflags SYN+FIN
teastep at shorewall.net
Tue Mar 2 10:32:41 PST 2004
On Tuesday 02 March 2004 08:50 am, Nian Ma wrote:
> What a mistake I made.
> However, after I changed the file interfaces and restarted shorewall,
> Nessus reported the same warning:
> "The remote host does not discard TCP SYN packets which have the FIN
> flag set."
> Just wanted to give another try, I changed shorewall.conf to set
> and changed file Interfaces as:
> # #ZONE INTERFACE BROADCAST OPTIONS
> net eth0 detect routefilter,norfc1918,tcpflags
> loc eth1 detect
> dmz eth2 detect
> after restart, Nessus generated the same warning.
> Any other suggestions?
What is your setting for TCP_FLAGS_DISPOSITION in shorewall.conf?
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net
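
The check the reply asks about, as an added example that is not part of the original message or of Shorewall itself: it reads the effective TCP_FLAGS_DISPOSITION from a shorewall.conf and confirms that the named interface carries the tcpflags option in the interfaces file. The function names, the file paths passed as arguments, and the treatment of an unset value as DROP are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Usage: sh check.sh /path/to/shorewall.conf /path/to/interfaces eth0

# Print the effective TCP_FLAGS_DISPOSITION (last uncommented assignment).
# Assumption: an unset or empty value is treated as DROP.
tcpflags_disposition() {
    val=$(sed -n 's/^[[:space:]]*TCP_FLAGS_DISPOSITION=//p' "$1" |
          tail -n 1 | sed 's/[[:space:]]*#.*$//' |
          tr -d "\"'" | tr -d '[:space:]')
    echo "${val:-DROP}"
}

# Print each interface (column 2) whose OPTIONS column (4) lacks tcpflags.
# Column layout as in the quoted file: ZONE INTERFACE BROADCAST OPTIONS.
interfaces_without_tcpflags() {
    awk '
        /^[[:space:]]*#/ || NF < 2 { next }   # skip comments and blank lines
        { n = split($4, opts, ","); found = 0
          for (i = 1; i <= n; i++) if (opts[i] == "tcpflags") found = 1
          if (!found) print $2 }
    ' "$1"
}

# Return 0 only if IFACE is defined, has tcpflags, and the disposition
# is DROP or REJECT; otherwise print the reason and return 1.
check_tcpflags() {   # args: shorewall.conf interfaces IFACE
    awk -v i="$3" '!/^[[:space:]]*#/ && $2 == i { f = 1 } END { exit !f }' "$2" ||
        { echo "$3: not defined in $2"; return 1; }
    if interfaces_without_tcpflags "$2" | grep -qx "$3"; then
        echo "$3: tcpflags option not set"; return 1
    fi
    disp=$(tcpflags_disposition "$1")
    case "$disp" in
        DROP|REJECT) echo "$3: ok (TCP_FLAGS_DISPOSITION=$disp)"; return 0 ;;
        *) echo "$3: TCP_FLAGS_DISPOSITION=$disp does not discard"; return 1 ;;
    esac
}

# Run only when called with all three arguments.
if [ "$#" -eq 3 ]; then
    check_tcpflags "$1" "$2" "$3"
fi
```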