[Shorewall-newbies] tcpflags SYN+FIN

Tom Eastep teastep at shorewall.net
Tue Mar 2 10:32:41 PST 2004

On Tuesday 02 March 2004 08:50 am, Nian Ma wrote:
> What a mistake I made.
> However, after I changed the file interfaces and restarted shorewall,
> Nessus reported the same warning:
> "The remote host does not discard TCP SYN packets which have the FIN
> flag set."
> Just wanted to give another try, I changed shorewall.conf to set
> and changed file Interfaces as:
>  net	eth0		detect		routefilter,norfc1918,tcpflags
>  loc	eth1		detect
>  dmz	eth2		detect
> after restart, Nessus generated the same warning.
> Any other suggestions?

What is your setting for TCP_FLAGS_DISPOSITION in shorewall.conf?

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
