drop all syn packets without mss

author Mike Baker <mbm@openwrt.org>

Fri, 15 Jul 2005 17:16:01 +0000 (17:16 +0000)

committer Mike Baker <mbm@openwrt.org>

Fri, 15 Jul 2005 17:16:01 +0000 (17:16 +0000)
author Mike Baker <mbm@openwrt.org>
Fri, 15 Jul 2005 17:16:01 +0000 (17:16 +0000)
committer Mike Baker <mbm@openwrt.org>
Fri, 15 Jul 2005 17:16:01 +0000 (17:16 +0000)
diff --git a/openwrt/target/default/target_skeleton/etc/init.d/S45firewall b/openwrt/target/default/target_skeleton/etc/init.d/S45firewall

index dc429f27254290f1065f588109e479c0f6eb863e..8350ccbfefa1f5dd6c0b41f988a7a4f71a8707c0 100755 (executable)
--- a/openwrt/target/default/target_skeleton/etc/init.d/S45firewall
+++ b/openwrt/target/default/target_skeleton/etc/init.d/S45firewall
@@ -26,7 +26,7 @@ iptables -t nat -N postrouting_rule
    iptables -P INPUT DROP
    iptables -A INPUT -m state --state INVALID -j DROP
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-  iptables -A INPUT -p tcp --syn --tcp-option \! 2 -j  DROP
+  iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j  DROP
  
    #
    # insert accept rule or to jump to new accept-check table here
author	Mike Baker <mbm@openwrt.org>
	Fri, 15 Jul 2005 17:16:01 +0000 (17:16 +0000)
committer	Mike Baker <mbm@openwrt.org>
	Fri, 15 Jul 2005 17:16:01 +0000 (17:16 +0000)