drop all syn packets without mss

author Mike Baker <[email protected]>

Fri, 15 Jul 2005 17:16:01 +0000 (17:16 +0000)

committer Mike Baker <[email protected]>

Fri, 15 Jul 2005 17:16:01 +0000 (17:16 +0000)
author Mike Baker <[email protected]>
Fri, 15 Jul 2005 17:16:01 +0000 (17:16 +0000)
committer Mike Baker <[email protected]>
Fri, 15 Jul 2005 17:16:01 +0000 (17:16 +0000)
diff --git a/openwrt/target/default/target_skeleton/etc/init.d/S45firewall b/openwrt/target/default/target_skeleton/etc/init.d/S45firewall

index bbb5c2914b91f0c9623a0f41d31a869de57383c2..17f9086b56bce583695d4215a58e0e14a75b7304 100755 (executable)
--- a/openwrt/target/default/target_skeleton/etc/init.d/S45firewall
+++ b/openwrt/target/default/target_skeleton/etc/init.d/S45firewall
@@ -26,7 +26,7 @@ iptables -t nat -N postrouting_rule
    iptables -P INPUT DROP
    iptables -A INPUT -m state --state INVALID -j DROP
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-  iptables -A INPUT -p tcp --syn --tcp-option \! 2 -j  DROP
+  iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j  DROP
  
    #
    # insert accept rule or to jump to new accept-check table here
author	Mike Baker <[email protected]>
	Fri, 15 Jul 2005 17:16:01 +0000 (17:16 +0000)
committer	Mike Baker <[email protected]>
	Fri, 15 Jul 2005 17:16:01 +0000 (17:16 +0000)