Hi
I was wondering how I can block SYN packets from the forward chain.
In Linux I can set a mask and check the value of the tcp flags
I tried
add action=accept chain=YBFWDIN comment="allow non SYN tcp traffic" tcp-flags=!syn protocol=tcp
but I had to add
add action=accept chain=YBFWDIN comment="allow SYN,ack tcp traffic" tcp-flags=syn,ack protocol=tcp
so in forward I jump to YBFWDIN if in-interface=!ether1
I suppose I could try connection-state (just thought of that as I was typing)
add action=accept chain=YBFWDIN comment="Allow non SYN connections" connection-state=!new
??
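
Added example, not part of the original post: a small Python model of mask/compare TCP flag matching (the approach the post refers to on Linux), applied to the two accept rules above over constructed packets. It assumes a tcp-flags list matches when every listed flag is set and every `!flag` is clear; all function names are hypothetical.

```python
# Model only, not RouterOS code. Assumed semantics: every listed flag must be
# set and every "!flag" must be clear for the matcher to hit.
FLAGS = {"fin": 0x01, "syn": 0x02, "rst": 0x04, "psh": 0x08, "ack": 0x10, "urg": 0x20}

def parse_tcp_flags(spec):
    """Turn a list such as 'syn,!ack' into a (mask, comp) pair."""
    mask = comp = 0
    for item in spec.split(","):
        item = item.strip()
        bit = FLAGS[item.lstrip("!")]
        mask |= bit              # flag is examined either way
        if not item.startswith("!"):
            comp |= bit          # and must be set unless negated
    return mask, comp

def matches(spec, packet_flags):
    """Mask/compare test: only the masked bits are compared."""
    mask, comp = parse_tcp_flags(spec)
    return (packet_flags & mask) == comp

def bits(*names):
    value = 0
    for name in names:
        value |= FLAGS[name]
    return value

# Constructed sample packets: handshake, data, teardown.
PACKETS = {
    "SYN": bits("syn"),
    "SYN,ACK": bits("syn", "ack"),
    "ACK": bits("ack"),
    "PSH,ACK": bits("psh", "ack"),
    "FIN,ACK": bits("fin", "ack"),
    "RST": bits("rst"),
}

# The two accept rules from the post, in order.
ACCEPT_RULES = ["!syn", "syn,ack"]

def verdicts(rules):
    """True where any accept rule matches, False where the packet falls through."""
    return {name: any(matches(r, f) for r in rules) for name, f in PACKETS.items()}

if __name__ == "__main__":
    for name, ok in verdicts(ACCEPT_RULES).items():
        print(f"{name:8} {'accept' if ok else 'falls through'}")
```

In this model only the bare SYN falls through both accept rules, which is the same set of packets a single mask SYN,ACK / compare SYN test (written `syn,!ack` here) selects.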