An Example of Dropping a Packet

iptables -A INPUT -p tcp \ --tcp-flags ACK,FIN FIN -j DROP
- Belongs to the INPUT chain
- Applies to TCP packets
- Examines the FIN and ACK bits in the TCP packets, and...
- ... drops only those that have only the FIN bit set

iptables -A INPUT -p tcp \ --tcp-flags ACK,FIN FIN -j DROP