iptables --tcp-flags

Question

是的，这两个问题都适用。

ALL是相同的FIN,SYN,RST,PSH,ACK,URG。

查看使用TCP协议时使用的man iptables-extensions命令：。--tcp-flags-p tcp

[!] --tcp-flags mask comp
          Match when the TCP flags are as specified.  The  first  argument
          mask  is  the flags which we should examine, written as a comma-
          separated list, and the second argument comp  is  a  comma-sepa‐
          rated  list  of flags which must be set.  Flags are: SYN ACK FIN
          RST URG PSH ALL NONE.  Hence the command
           iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN
          will only match packets with the SYN flag set, and the ACK,  FIN
          and RST flags unset.

Answer 1

是的，这两个问题都适用。

ALL是相同的FIN,SYN,RST,PSH,ACK,URG。

查看使用TCP协议时使用的man iptables-extensions命令：。--tcp-flags-p tcp

[!] --tcp-flags mask comp
          Match when the TCP flags are as specified.  The  first  argument
          mask  is  the flags which we should examine, written as a comma-
          separated list, and the second argument comp  is  a  comma-sepa‐
          rated  list  of flags which must be set.  Flags are: SYN ACK FIN
          RST URG PSH ALL NONE.  Hence the command
           iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN
          will only match packets with the SYN flag set, and the ACK,  FIN
          and RST flags unset.

iptables --tcp-flags

答案1

相关内容