Firewall rule question ..

medavian · July 12, 2004, 1:42pm

Hello All,

I am just porting my old linux firewall rules to MT.

Got them all done except for in one of my Shaping rules. In linux I was able to say something like the following;

iptables -A PREROUTING -t mangle -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -j chkack

Does this do the same under MT ?

/ip firewall mangle add protocol=tcp tcp-options=syn-only action=passthrough mark-flow=high

I am more interested in the SYN,RST,ACK ACK matching than anything ..

regards,
Darrin

medavian · July 12, 2004, 1:55pm

While we are at it .. how about packet length matching ?

iptables -A chkack -t mangle -p tcp -m length --length 0:128 -j MARK --set-mark 1

Any thoughts ?

Darrin

lastguru · July 12, 2004, 7:54pm

Check out cersion 2.9 - it has much more firewall filters that the version 2.8