Re: ipt_unclean: TCP flags bad: 4

From: Alan J. Wylie
Date: Sun Jul 22 2001 - 13:10:12 EST

On Sun, 22 Jul 2001 19:51:43 +0200 (CEST), Luigi Genoni said:

> There was a bug introduced with kernel 2.4.6, but it was solved with
> one of the latest 2.4.7-pre patches; I do not remember which one.

> Actually I was happily using tcp_unclean on my production servers,
> but with 2.4.6 I was forced to avoid it. I still have to try 2.4.7
> to see if it works properly.

> If you use a rule like

> iptables -A INPUT -m unlean -j DROP
unclean, unclean <ding> ;-)

> are you still able to connect in/out of your box?

$MYIPTABLES --append INPUT --match unclean --jump DROP

has been at the start of my rules for a long time. I wasn't seeing
any *serious* problems browsing the web, etc., but was getting a few
"unable to connect to host" pages. Some of them went away on refresh,
but some sites I just couldn't get to. On the other hand, that's
normal for the Internet.

Alan J. Wylie
"Perfection [in design] is achieved not when there is nothing left to add,
but rather when there is nothing left to take away."
  Antoine de Saint-Exupery

This archive was generated by hypermail 2b29 : Mon Jul 23 2001 - 21:00:15 EST