I have a program which uses libpcap to capture incoming TCP SYN packets; these SYN packets are destined for a specific port.
But I have no TCP listening socket for that port, so in practice the OS kernel (is it the kernel or the TCP stack? I'm not sure, can anyone tell me) will issue a RST to the source IP of the TCP SYN.
Now I want to prevent the RST; I don't want the RST to be sent to the source IP. I think maybe iptables can do this?
So how do I set the rules with iptables to prevent these RSTs (which are triggered by incoming TCP SYNs for a specific port)?
If there are other, better solutions, even better!
A rather basic inbound blocking setup is this:
# Set default policy to 'drop everything'
iptables -P INPUT DROP
# Allow lo traffic
iptables -A INPUT -i lo -j ACCEPT
# Allow icmp
iptables -A INPUT -p icmp -j ACCEPT
# Allow packets sent in response to an outgoing connection
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow outgoing connections
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
This should drop all attempts of establishing a connection to your host.
If you want to be more specific, try adding one of these:
# Block the request from being handled further by the TCP stack
# (the SYN never reaches the stack, so no RST is generated)
iptables -A INPUT -p tcp --dport <port> -j DROP
# Send an ICMP 'administratively prohibited' response instead of a RST
# (without --reject-with, REJECT defaults to ICMP port-unreachable)
iptables -A INPUT -p tcp --dport <port> -j REJECT --reject-with icmp-admin-prohibited
# Don't send any RESETs upon a request to this port
# (--tcp-flags RST RST: examine the RST bit and match when it is set)
iptables -A OUTPUT -p tcp -o <outgoing interface> --sport <port> --tcp-flags RST RST -j DROP
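As an added example (my own script, not part of the answer above), here is a small POSIX shell helper that installs the RST-suppressing OUTPUT rule from the answer idempotently and then verifies from the rule's packet counter that RSTs are actually being dropped. The port 8080, the interface eth0 and the sample `iptables -L OUTPUT -v -n -x` output are constructed for illustration; the IPTABLES variable is a hypothetical override so the functions can be exercised without root. Note that the INPUT DROP variant also keeps working with libpcap, because packet capture taps the interface before the netfilter INPUT hook sees the SYN.

```shell
#!/bin/sh
# Added example: idempotent install + counter-based verification of the
# "drop outgoing RSTs for one port" rule. Assumed values: PORT=8080, IFACE=eth0.
IPTABLES="${IPTABLES:-iptables}"   # hypothetical override, e.g. IPTABLES=echo for a dry run

# Rule specification shared by the check (-C) and insert (-I) calls.
rst_drop_spec() {  # $1 = port, $2 = outgoing interface
    printf '%s' "-p tcp -o $2 --sport $1 --tcp-flags RST RST -j DROP"
}

# Insert the rule at the head of OUTPUT so an earlier ACCEPT rule cannot
# match the RST first; skip the insert if an identical rule already exists.
apply_rst_drop() {  # $1 = port, $2 = outgoing interface
    spec=$(rst_drop_spec "$1" "$2")
    # shellcheck disable=SC2086  # word splitting of $spec is intended
    if "$IPTABLES" -C OUTPUT $spec 2>/dev/null; then
        echo "rule already present: OUTPUT $spec"
    else
        "$IPTABLES" -I OUTPUT 1 $spec
    fi
}

# Parse `iptables -L OUTPUT -v -n -x` output on stdin and sum the packet
# counter of every DROP rule that matches our port, interface and RST flag.
# Columns: pkts bytes target prot opt in out source destination [extras]
rst_drop_count() {  # $1 = port, $2 = outgoing interface
    awk -v port="$1" -v iface="$2" '
        $3 == "DROP" && $7 == iface &&
        $0 ~ ("spt:" port "( |$)") && index($0, "flags:0x04/0x04") { sum += $1 }
        END { print sum + 0 }'
}

# Constructed sample of `iptables -L OUTPUT -v -n -x` after some SYNs hit port 8080.
SAMPLE_OUTPUT='Chain OUTPUT (policy ACCEPT 1234 packets, 567890 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       7      280 DROP       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            tcp spt:8080 flags:0x04/0x04
      12      720 DROP       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            tcp spt:9090 flags:0x04/0x04'

# Count for the assumed port/interface from the constructed sample (expected: 7).
demo_count() {
    printf '%s\n' "$SAMPLE_OUTPUT" | rst_drop_count 8080 eth0
}

# Live usage (needs root): install the rule, then read the real counter.
if [ "${1:-}" = "apply" ]; then
    apply_rst_drop 8080 eth0
    "$IPTABLES" -L OUTPUT -v -n -x | rst_drop_count 8080 eth0
fi
```

Run it as `sh rst_drop.sh apply` on the host; a rising counter from `rst_drop_count` confirms the rule is matching the kernel-generated RSTs, while a counter stuck at zero usually means the rule sits behind an earlier ACCEPT or the interface name is wrong.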