[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    RE: Rule of thumb for TCP SYN flag...
From:       "Small, Jim" <jim.small () eds ! com>
Date:       2002-12-17 5:35:14
[Download RAW message or body]

Ahhhhhh...

Now I get it, I just have to learn to think more creatively.  Hopefully I
can think at least slightly more creatively than would be crackers.  ;-)

Thanks,
   <> Jim

-----Original Message-----
From: Darren Reed [mailto:darrenr@reed.wattle.id.au] 
Sent: Friday, December 13, 2002 8:29 PM
To: Small, Jim
Cc: ipfilter@coombs.anu.edu.au
Subject: Re: Rule of thumb for TCP SYN flag...

In some email I received from Small, Jim, sie wrote:
> Darren,
> 
> I'm just not clear on why you would want to specify flags at all.  For
> example, why would you want to specify:
> block in log quick on tun0 proto tcp from any to 0/32 port = 1214 flags
S/SA
> keep state
> 
> vs.
> 
> block in log quick on tun0 proto tcp from any to 0/32 port = 1214

Ok, you've caught me out there.

I usually associate blocking rules with "flags S/SA" as being separate
because I'll include a "return-rst" in them.  All other combinations I
just leave to the default action (block silently).

Darren
[prev in list] [next in list] [prev in thread] [next in thread]