https://github.com/yoramvandevelde/nfta ... init.rules, which gives the error
Code:
nft add rule ip filter input iifname enp2s0 tcp flags & (ack|fin) == fin drop
-bash: syntax error near unexpected token `=='
Code:
nft add rule inet filter input iifname enp2s0 tcp flags ack,fin,fin drop
Code:
root@debian:~# nft list ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "enp2s0" tcp flags != syn ct state new drop
        iifname "enp2s0" udp length { 28-32 } drop
        iifname "enp2s0" tcp flags fin,ack drop
        iifname "lo" ct state established,related accept
        iifname "enp2s0" ct state established,related accept
        iifname "enp2s0" ct state invalid,untracked drop
    }
}
Code:
iptables -L -v
P.S. I checked the book Linux Firewalls: Enhancing Security with nftables and Beyond, fourth edition, by Steve Suehring; it only mentions TCP stealth scan rules for iptables.
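The bash error in the post comes from the shell, not from nft: in an unquoted command line `&` backgrounds the first half and `(ack|fin)` is parsed as a subshell, so nft never sees the expression. The script below is an added example, not code from the post or from the linked GitHub repository. It shows the two ways to get the expression past the shell (quote it as one word, or put it in a ruleset file) and spells out the classic stealth-scan matches with an explicit mask, since an unmasked flag list such as `tcp flags fin,ack` matches when any of the listed flags is set. The interface name, the `inet filter` table and the `input` chain are assumptions chosen to match the listing above.

```shell
#!/bin/sh
# Added example for the nftables stealth-scan question; not from the
# original post or the linked repository. Interface/table/chain names
# are assumptions matching the ruleset shown in the thread.
IFACE="${IFACE:-enp2s0}"

# One-liner form: the whole match expression is one single-quoted
# argument, so '&', '|' and the parentheses reach nft untouched.
# nft joins its argv with spaces before parsing, so this is valid.
fin_scan_rule_cmd() {
    printf "nft add rule inet filter input iifname %s 'tcp flags & (fin|ack) == fin' counter drop\n" "$IFACE"
}

# Ruleset-file form: in a heredoc only $, backticks and backslash are
# special, so the nft operators pass through while $IFACE still expands.
# Each stealth-scan rule masks the flags that define the scan and then
# compares, which is the iptables --tcp-flags MASK COMP equivalent.
stealth_scan_ruleset() {
    cat <<EOF
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop
        # FIN scan: FIN set, ACK clear
        iifname "$IFACE" tcp flags & (fin|ack) == fin counter drop
        # NULL scan: no flags set at all
        iifname "$IFACE" tcp flags & (fin|syn|rst|psh|ack|urg) == 0x0 counter drop
        # XMAS scan: FIN, PSH and URG all set
        iifname "$IFACE" tcp flags & (fin|psh|urg) == (fin|psh|urg) counter drop
        # a new connection must open with a bare SYN (iptables ! --syn)
        iifname "$IFACE" tcp flags & (fin|syn|rst|ack) != syn ct state new counter drop
    }
}
EOF
}

# Dry-run the generated file with nft's check mode (nft -c) when nft is
# installed and we are root; otherwise report that the check was skipped.
check_ruleset() {
    tmp=$(mktemp) || return 1
    stealth_scan_ruleset > "$tmp"
    if command -v nft >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
        nft -c -f "$tmp"
        rc=$?
    else
        echo "nft not found or not root; skipped 'nft -c -f $tmp'" >&2
        rc=0
    fi
    rm -f "$tmp"
    return $rc
}

# Usage: ./stealth.sh         prints the quoted one-liner and the ruleset
#        ./stealth.sh --check validates the ruleset with nft -c -f
if [ "${1:-}" = "--check" ]; then
    check_ruleset
else
    fin_scan_rule_cmd
    stealth_scan_ruleset
fi
```

To load the file form, run `nft -f` on the generated ruleset (for example `./stealth.sh | sed 1d | nft -f -`), or with `-c` first to check it; the one-liner form only needs the quotes shown, and the same quoting applies to any nft expression that contains `&`, `|`, `(`, `)` or `!`.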