From 1c110b6f94b89cbfca7497dc957dfeb9e29859d9 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Tue, 25 Apr 2017 13:01:23 +0100
Subject: [PATCH] Drop more bogons

---
 src/freedombone-utils-firewall | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/freedombone-utils-firewall b/src/freedombone-utils-firewall
index dc9433998..3b44daf5f 100755
--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@@ -146,6 +146,20 @@ function configure_firewall {
     iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
     iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
     iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,FIN FIN -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
 
     # Incoming malformed NULL packets:
     iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
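Review bot: Three of the added mangle rules repeat others in the same block and can be dropped. `--tcp-flags SYN,FIN SYN,FIN` matches the same packets as `FIN,SYN FIN,SYN` two lines above it, `ACK,FIN FIN` repeats `FIN,ACK FIN`, and `ALL NONE` repeats the first added rule, because `ALL` is the same six-flag mask. Since mangle PREROUTING is traversed before the routing decision, these drops also cover forwarded traffic and shadow the matching `-A INPUT` rules (ALL ALL, ALL FIN,PSH,URG, ALL SYN,RST,ACK,FIN,URG, ALL NONE); a comment above the block would record that intent, e.g. `# Drop TCP packets with invalid flag combinations early (mangle PREROUTING also covers forwarded traffic)`. configure_firewall starts and ends outside the hunk, so it is not visible whether the mangle table is flushed before these `-A` appends. If only the filter table is flushed, each run would append another copy of the rules.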
-- 
GitLab