--syn is mandatory only for ACCEPT

toralf · Jul 6, 2024 · a04e796 · a04e796
1 parent 0ef17b1
commit a04e796
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/ipv4-rules.sh b/ipv4-rules.sh
@@ -43,7 +43,7 @@ function addTor() {
       return 1
     fi
     read -r orip orport <<<$(tr ':' ' ' <<<$relay)
-    local common="$ipt -A INPUT -p tcp --dst $orip --dport $orport --syn"
+    local common="$ipt -A INPUT -p tcp --dst $orip --dport $orport"
 
     local ddoslist="tor-ddos-$orport" # this holds ips classified as DDoS'ing the local OR port
     __create_ipset $ddoslist "maxelem $max timeout $((24 * 3600))"
@@ -63,7 +63,7 @@ function addTor() {
     $common -m connlimit --connlimit-mask $prefix --connlimit-above 9 -j $jump
 
     # rule 4
-    $common -j ACCEPT
+    $common --syn -j ACCEPT
   done
 }
 

diff --git a/ipv6-rules.sh b/ipv6-rules.sh
@@ -51,7 +51,7 @@ function addTor() {
       orip+="/0"
       echo " notice: using global unicast IPv6 address [::]" >&2
     fi
-    local common="$ipt -A INPUT -p tcp --dst $orip --dport $orport --syn"
+    local common="$ipt -A INPUT -p tcp --dst $orip --dport $orport"
 
     local ddoslist="tor-ddos6-$orport" # this holds ips classified as DDoS'ing the local OR port
     __create_ipset $ddoslist "maxelem $max timeout $((24 * 3600)) netmask $prefix"
@@ -71,7 +71,7 @@ function addTor() {
     $common -m connlimit --connlimit-mask $prefix --connlimit-above 9 -j $jump
 
     # rule 4
-    $common -j ACCEPT
+    $common --syn -j ACCEPT
   done
 }