Simple iptables : drop invalid connection



















Drop invalid connections, biasanya aktivitas scanner.

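#!/usr/bin/env bash
# Drop TCP segments whose flag combinations never occur in a legitimate
# connection (FIN/NULL/XMAS-style probes and malformed segments).
#
# Defines two user chains:
#   BDFLGS    - terminal chain: every packet sent here is dropped.
#   TCP_FLAGS - classifier: jumps matching packets to BDFLGS; anything
#               that matches no rule falls off the end and returns to
#               the calling chain.
#
# This snippet only *defines* the chains. Nothing is filtered until
# TCP_FLAGS is referenced from a built-in chain, e.g.
#   iptables -I INPUT -p tcp -j TCP_FLAGS
# It matches on TCP flags only; it does not use conntrack state, so
# packets that are INVALID for other reasons are not covered here.
set -eu

# ok, straight to it: create the chain on the first run; on re-runs flush
# it instead, so the rules below are not appended a second time.
iptables -N BDFLGS 2>/dev/null || iptables -F BDFLGS
# Optional: rate-limited log before the drop, so probes show up in syslog.
# iptables -A BDFLGS -m limit --limit 5/min -j LOG --log-prefix "BDFLGS: "
iptables -A BDFLGS -j DROP

# TCP_FLAGS -- check tcp flags.
# --tcp-flags <mask> <comp>: examine only the flags in <mask>, match when
# exactly the flags in <comp> are set (and the rest of <mask> are clear).
iptables -N TCP_FLAGS 2>/dev/null || iptables -F TCP_FLAGS
iptables -A TCP_FLAGS -p tcp --tcp-flags ACK,FIN FIN -j BDFLGS               # FIN without ACK
iptables -A TCP_FLAGS -p tcp --tcp-flags ACK,PSH PSH -j BDFLGS               # PSH without ACK
iptables -A TCP_FLAGS -p tcp --tcp-flags ACK,URG URG -j BDFLGS               # URG without ACK
iptables -A TCP_FLAGS -p tcp --tcp-flags FIN,RST FIN,RST -j BDFLGS           # FIN and RST together
iptables -A TCP_FLAGS -p tcp --tcp-flags SYN,FIN SYN,FIN -j BDFLGS           # SYN and FIN together
iptables -A TCP_FLAGS -p tcp --tcp-flags SYN,RST SYN,RST -j BDFLGS           # SYN and RST together
iptables -A TCP_FLAGS -p tcp --tcp-flags ALL ALL -j BDFLGS                   # every flag set
iptables -A TCP_FLAGS -p tcp --tcp-flags ALL NONE -j BDFLGS                  # no flag set (NULL)
iptables -A TCP_FLAGS -p tcp --tcp-flags ALL FIN,PSH,URG -j BDFLGS           # FIN+PSH+URG only (XMAS)
iptables -A TCP_FLAGS -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j BDFLGS       # SYN+FIN+PSH+URG only
iptables -A TCP_FLAGS -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j BDFLGS   # SYN+RST+ACK+FIN+URG only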

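# Syntax for MikroTik (RouterOS). Same TCP-flag checks as the iptables
# chain above, but added directly to the built-in "input" chain.
# RouterOS comments start with "#"; C-style /* */ is not comment syntax here.
#
# tcp-flags= lists the flags that must be set; a leading "!" means the flag
# must be clear. Flags not listed are not examined.
/ip firewall filter add chain=input protocol=tcp tcp-flags=!ack,fin action=drop comment="FIN without ACK"
/ip firewall filter add chain=input protocol=tcp tcp-flags=!ack,psh action=drop comment="PSH without ACK"
/ip firewall filter add chain=input protocol=tcp tcp-flags=!ack,urg action=drop comment="URG without ACK"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,rst action=drop comment="FIN and RST together"
/ip firewall filter add chain=input protocol=tcp tcp-flags=syn,fin action=drop comment="SYN and FIN together"
/ip firewall filter add chain=input protocol=tcp tcp-flags=syn,rst action=drop comment="SYN and RST together"
/ip firewall filter add chain=input protocol=tcp tcp-flags=syn,rst,ack,fin,urg,cwr,ece,psh action=drop comment="every flag set"
/ip firewall filter add chain=input protocol=tcp tcp-flags=!syn,!rst,!ack,!fin,!urg,!cwr,!ece,!psh action=drop comment="no flag set (NULL)"
/ip firewall filter add chain=input protocol=tcp tcp-flags=!syn,!rst,!ack,fin,urg,!cwr,!ece,psh action=drop comment="FIN+PSH+URG only (XMAS)"
/ip firewall filter add chain=input protocol=tcp tcp-flags=syn,!rst,!ack,fin,urg,!cwr,!ece,psh action=drop comment="SYN+FIN+PSH+URG only"
/ip firewall filter add chain=input protocol=tcp tcp-flags=syn,rst,ack,fin,urg,!cwr,!ece,!psh action=drop comment="SYN+RST+ACK+FIN+URG only"
# NOTE(review): this trailing "return" sits in the built-in input chain, not
# in a user chain that was jumped to. Its effect there is not established by
# this snippet; confirm it is intended before keeping it.
/ip firewall filter add chain=input action=return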

/*HTH, ciao.. */
