Content #
Incoming TCP packets from remote clients will have the SYN flag set in the first packet received as part of the three-way connection establishment handshake. The first connection request will have the SYN flag set, but not the ACK flag.
Every TCP packet received from a remote server will have the ACK flag set.Your local client firewall rules will require all incoming packets from remote servers to have the ACK flag set.
From #
Linux Security: Enhancing Security with nftables and Beyond