Block XMAS and NULL scans with IPTables

Two simple little rules to drop XMAS scans (every flag in the TCP packet set, hence “lit up like an Xmas tree!”) and NULL scans (no flags set).

# Put these in the mangle table, not nat: conntrack classes packets with
# these flag combinations as INVALID, and the nat table is only traversed
# for tracked connections, so a DROP there never matches. mangle PREROUTING
# sees every incoming packet and accepts the DROP target.
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP

If you run a high-traffic firewall, you can put these rules in a separate chain for TCP traffic so that the rest of your packets are not matched against them. More information on chains here.
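As an added example (not code from the original post), here is a small shell script that does what the previous paragraph suggests: it builds a dedicated chain in the filter table, called TCP_SCAN here (the name, the LOG prefixes and the rate limits are all assumptions), that logs and drops the two flag combinations above together with a few related ones, including the FIN/PSH/URG combination that nmap's -sX scan actually sends, and then hooks that chain from INPUT. Setting IPTABLES=echo prints the rules instead of applying them, which is also how it can be checked without root.

```shell
#!/bin/sh
# Added example, not part of the original post: a dedicated filter-table
# chain that logs and drops malformed TCP flag combinations used by scanners.
# Set IPTABLES=echo to print the rules instead of applying them.
IPTABLES="${IPTABLES:-iptables}"
CHAIN="${CHAIN:-TCP_SCAN}"   # chain name chosen for this example

# One signature per line: "<mask> <flags-that-must-be-set> <label>".
# The label only feeds the LOG prefix.
scan_signatures() {
    cat <<'EOF'
ALL ALL XMAS_ALL
ALL NONE NULL
ALL FIN,PSH,URG XMAS_NMAP
ALL FIN FIN_ONLY
SYN,FIN SYN,FIN SYN_FIN
SYN,RST SYN,RST SYN_RST
EOF
}

# Create (or flush) the chain and fill it with a rate-limited LOG
# followed by a DROP for every signature.
build_scan_chain() {
    "$IPTABLES" -N "$CHAIN" 2>/dev/null || "$IPTABLES" -F "$CHAIN"
    scan_signatures | while read -r mask flags label; do
        "$IPTABLES" -A "$CHAIN" -p tcp --tcp-flags "$mask" "$flags" \
            -m limit --limit 3/min --limit-burst 5 \
            -j LOG --log-prefix "SCAN_${label} "
        "$IPTABLES" -A "$CHAIN" -p tcp --tcp-flags "$mask" "$flags" -j DROP
    done
    # Everything else goes back to the calling chain.
    "$IPTABLES" -A "$CHAIN" -j RETURN
}

# Hook the chain from INPUT. Scan packets carry no valid SYN, so conntrack
# classes most of them INVALID rather than NEW; matching both states means
# established flows skip the extra checks on a busy firewall.
hook_scan_chain() {
    # Remove an older copy of the jump first so re-running stays idempotent.
    "$IPTABLES" -D INPUT -p tcp -m conntrack --ctstate NEW,INVALID -j "$CHAIN" 2>/dev/null || true
    "$IPTABLES" -I INPUT 1 -p tcp -m conntrack --ctstate NEW,INVALID -j "$CHAIN"
}

# Usage: sh scan_chain.sh apply   (IPTABLES=echo sh scan_chain.sh apply for a dry run)
if [ "${1:-}" = apply ]; then
    build_scan_chain
    hook_scan_chain
fi
```

The jump is from INPUT, so this protects the firewall host itself; for traffic the box forwards, add the same jump from FORWARD. The LOG lines are rate-limited so that a scanner cannot fill the log, and the chain ends with RETURN so normal TCP traffic continues through the rest of INPUT.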

July 28th, 2008
By Joe | filed under Firewall, Network |