firewall rule for badflag?

Spirch · November 16, 2016, 4:16pm

with current version, is is good to have these or are they completely useless/noise?

add action=jump chain=input comment="Drop INPUT Invalid TCP flags" jump-target=BADFLAGS protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=jump chain=input comment="Drop INPUT Invalid TCP flags" jump-target=BADFLAGS protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=jump chain=input comment="Drop INPUT Invalid TCP flags" jump-target=BADFLAGS protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=jump chain=input comment="Drop INPUT Invalid TCP flags" jump-target=BADFLAGS protocol=tcp tcp-flags=ack,urg
add action=jump chain=input comment="Drop INPUT Invalid TCP flags" jump-target=BADFLAGS protocol=tcp tcp-flags=fin,!ack
add action=jump chain=input comment="Drop INPUT Invalid TCP flags" jump-target=BADFLAGS protocol=tcp tcp-flags=fin,rst
add action=jump chain=input comment="Drop INPUT Invalid TCP flags" jump-target=BADFLAGS protocol=tcp tcp-flags=fin,syn
add action=jump chain=input comment="Drop INPUT Invalid TCP flags" jump-target=BADFLAGS protocol=tcp tcp-flags=fin,urg
add action=jump chain=input comment="Drop INPUT Invalid TCP flags" jump-target=BADFLAGS protocol=tcp tcp-flags=syn,rst
add action=log chain=input comment="Drop INPUT Invalid TCP flags" log-prefix="\?\?\? INPUT Invalid TCP flags: " protocol=tcp tcp-flags=rst,urg
add action=log chain=input comment="Drop INPUT Invalid TCP flags" log-prefix="\?\?\? INPUT Invalid TCP flags: " protocol=tcp tcp-flags=!fin,!syn,!rst,!ack
add action=drop chain=BADFLAGS comment="Drop INPUT Invalid TCP flags" log=yes log-prefix=Drop

knowing that these are before

add action=jump chain=input comment="Drop INPUT invalid connection" connection-state=invalid jump-target=INVALID
add action=jump chain=forward comment="Drop FORWARD invalid connection" connection-state=invalid jump-target=INVALID
add action=jump chain=output comment="Drop OUTPUT invalid connection" connection-state=invalid jump-target=INVALID
add action=drop chain=INVALID comment="Drop invalid connection" log=yes log-prefix=Drop