I cant block ACK packets going through port 80

Question

I want to block nmap's ack ping probes and in order to do that, I fist need to block all incoming ack packets coming on port 80. I used this command but it didnt work:

iptables -A INPUT -p tcp --dport 80 --tcp-falgs ALL ACK -j DROP

The thing is it works with any port other than 80 and 443 and they happen to be the ports for http/https protocols. Is there any way to make this work and block those unexpected ACK packets on those ports?

Here is all of my rules that from input chain:

iptables -P INPUT DROP

iptables -A INPUT -p tcp --dport 80 --tcp-flags ALL ACK -j LOG --log-prefix "PSAD: ACK PING "
iptables -A INPUT -p tcp --dport 80 --tcp-flags ALL ACK -j DROP

iptables -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-ip-options --log-tcp-options
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT

Thank you in advance...

Answer 1

I apologize to everyone for taking your time. I just noticed that I had a nat rule that forwards all packets coming to port 80 to another ip address where no host is running. And since PREROUTING comes before INPUT chain it gets forwarded directly to another host that doesnt exist. That's why rules I applied didnt take any effect