+ tcp flags & (fin|syn|rst|psh|ack|urg) == fin|psh|urg jump log-and-drop
+ tcp flags & (fin|syn|rst|psh|ack|urg) == 0x0 jump log-and-drop
+ tcp flags & (syn|rst) == syn|rst jump log-and-drop
+ tcp flags & (fin|rst) == fin|rst jump log-and-drop
+ tcp flags & (fin|syn) == fin|syn jump log-and-drop
+ tcp flags & (fin|psh|ack) == fin|psh jump log-and-drop
+ tcp sport 0 tcp flags & (fin|syn|rst|ack) == syn jump log-and-drop
+
+<% node[:networking][:firewall][:incoming].uniq.each do |rule| -%>