# Note: some operating systems send SYN-ACK, FIN-ACK and RST-ACK /sbin/iptables -N FTP /sbin/iptables -A FTP -m limit --limit 1/second -p tcp --tcp-flags SYN,FIN,RST,URG,PSH RST --dport 21 -j ACCEPT /sbin/iptables -A FTP -m limit --limit 1/second -p tcp --tcp-flags SYN,FIN,RST,URG,PSH FIN --dport 21 -j ACCEPT /sbin/iptables -A FTP -m limit --limit 1/second -p tcp --tcp-flags SYN,FIN,RST,URG,PSH SYN --dport 21 -j ACCEPT /sbin/iptables -A FTP -m state --state ESTABLISHED,RELATED -p tcp --dport 21 -j ACCEPT