[prev in list] [next in list] [prev in thread] [next in thread]
List: ipfilter
Subject: RE: Rule of thumb for TCP SYN flag...
From: "Small, Jim" <jim.small () eds ! com>
Date: 2002-12-17 5:35:14
[Download RAW message or body]
Ahhhhhh...
Now I get it, I just have to learn to think more creatively. Hopefully I
can think at least slightly more creatively than would be crackers. ;-)
Thanks,
<> Jim
-----Original Message-----
From: Darren Reed [mailto:darrenr@reed.wattle.id.au]
Sent: Friday, December 13, 2002 8:29 PM
To: Small, Jim
Cc: ipfilter@coombs.anu.edu.au
Subject: Re: Rule of thumb for TCP SYN flag...
In some email I received from Small, Jim, sie wrote:
> Darren,
>
> I'm just not clear on why you would want to specify flags at all. For
> example, why would you want to specify:
> block in log quick on tun0 proto tcp from any to 0/32 port = 1214 flags
S/SA
> keep state
>
> vs.
>
> block in log quick on tun0 proto tcp from any to 0/32 port = 1214
Ok, you've caught me out there.
I usually associate blocking rules with "flags S/SA" as being separate
because I'll include a "return-rst" in them. All other combinations I
just leave to the default action (block silently).
Darren
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic