Change comment on SPT=0 trap

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@375 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-20 01:13:41 +00:00 · 2002-12-20 01:13:41 +00:00 · 43b6a8acc8
commit 43b6a8acc8
parent 1c8b19cfe8
1 changed files with 3 additions and 3 deletions
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -3532,9 +3532,9 @@ add_common_rules() {
 	run_iptables -A tcpflags -p tcp --tcp-flags SYN,RST SYN,RST $disposition
 	run_iptables -A tcpflags -p tcp --tcp-flags SYN,FIN SYN,FIN $disposition
 	#
-	# A Shorewall user reported seeing outgoing SYN ACK packets with DPT=0
-	# That prompted me to add the following which will stop an incoming
-	# SYN with SPT=0
+	# There are a lot of probes to ports 80, 3128 and 8080 that use a source
+	# port of 0. This catches them even if they are directed at an IP that
+	# hosts a web server.
 	#
 	run_iptables -A tcpflags -p tcp --syn --sport 0             $disposition