From 88e1bfbfde8f0905c677b2d3177c210e38719202 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Schneider?= <jschneider@entrouvert.com>
Date: Mon, 3 Feb 2014 10:45:25 +0100
Subject: [PATCH] Disable old protections against spoofing, scan port, Xmas
 Tree, null scanning, SYN/RST and SYN/FIN

---
 eofirewall | 19 +------------------
 1 file changed, 1 insertion(+), 18 deletions(-)

diff --git a/eofirewall b/eofirewall
index 575ce95..053419d 100755
--- a/eofirewall
+++ b/eofirewall
@@ -251,25 +251,8 @@ start()
    fi
 
     ## block spoofing
-    log_action_msg "Block spoofing, scan port, Xmas Tree, null scanning, SYN/RST and SYN/FIN"
+    log_action_msg "Enable rp filter"
     echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
-    ## NMAP FIN/URG/PSH
-    $IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags ALL FIN,URG,PSH -j LOG --log-prefix 'iptables: Port scan: ' --log-level 4
-    $IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
-    ## stop Xmas Tree type scanning
-    $IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags ALL ALL -j LOG --log-prefix "iptables: Xmas tree: " --log-level 4
-    $IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags ALL ALL -j DROP
-    $IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j LOG --log-prefix "iptables: Xmas tree: " --log-level 4
-    $IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
-    ## stop null scanning
-    $IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags ALL NONE -j LOG --log-prefix "iptables: Null scanning: " --log-level 4
-    $IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags ALL NONE -j DROP
-    ## SYN/RST
-    $IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "iptables: SYN/RST: " --log-level 4
-    $IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
-    ## SYN/FIN
-    $IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "iptables: SYN/FIN: " --log-level 4
-    $IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
 
     ## stop sync flood
     log_action_msg "Block Syn flood"