List: openbsd-pf
Subject: Re: Senseless Waste?
From: Henning Brauer <henning () openbsd ! org>
Date: 2004-06-11 18:48:11
Message-ID: 20040611184811.GN19228 () skywalker ! bsws ! de
* interval@softhome.net <interval@softhome.net> [2004-06-11 20:43]:
> From some other rules files I noticed while scanning the web for
> pf-concerned pages:
>
> # Block bad tcp flags from malicious people and nmap scans
> block in log quick on $ext_if proto tcp from any to any flags /S
> block in log quick on $ext_if proto tcp from any to any flags /SFRA
> block in log quick on $ext_if proto tcp from any to any flags /SFRAU
> block in log quick on $ext_if proto tcp from any to any flags A/A
> block in log quick on $ext_if proto tcp from any to any flags F/SFRA
> block in log quick on $ext_if proto tcp from any to any flags U/SFRAU
> block in log quick on $ext_if proto tcp from any to any flags SF/SF
> block in log quick on $ext_if proto tcp from any to any flags SF/SFRA
> block in log quick on $ext_if proto tcp from any to any flags SR/SR
> block in log quick on $ext_if proto tcp from any to any flags FUP/FUP
> block in log quick on $ext_if proto tcp from any to any flags FUP/SFRAUPEW
> block in log quick on $ext_if proto tcp from any to any flags SFRAU/SFRAU
> block in log quick on $ext_if proto tcp from any to any flags SFRAUP/SFRAUP
>
> Is this configuration not covered with
>
> set block-policy drop
yes, but different ;)
> Or is there some merit to explicitly filtering every flag combination?
that's what this does. However, it is stupid.
--
Henning Brauer, BS Web Services, http://bsws.de
hb@bsws.de - henning@openbsd.org
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
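Worked example, added here and not part of the original message: a small Python evaluator of pf's `flags CHECK/MASK` matching, run over the thirteen quoted rules to show which of them a plain SYN, a SYN/FIN, a flagless packet and a FIN/URG/PSH packet would hit, and therefore how much the list overlaps (the first rule, `flags /S`, alone matches every packet without SYN). The matching semantics are assumed from pf.conf(5); the packet samples are constructed.

```python
# Added illustration, not code from the list message: a tiny evaluator for
# pf's "flags CHECK/MASK" syntax, run over the thirteen quoted block rules.
# Assumed semantics (pf.conf(5)): of the flags named in MASK, exactly those
# named in CHECK must be set in the packet; flags outside MASK are ignored.
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "A": 0x08,
             "U": 0x10, "P": 0x20, "E": 0x40, "W": 0x80}

# The flag specs from the quoted ruleset, in the order they appeared.
QUOTED_SPECS = ["/S", "/SFRA", "/SFRAU", "A/A", "F/SFRA", "U/SFRAU",
                "SF/SF", "SF/SFRA", "SR/SR", "FUP/FUP", "FUP/SFRAUPEW",
                "SFRAU/SFRAU", "SFRAUP/SFRAUP"]


def flag_bits(letters):
    """Turn a string of pf flag letters (e.g. 'SA') into a bitmask."""
    bits = 0
    for ch in letters:
        bits |= FLAG_BITS[ch]
    return bits


def parse_spec(spec):
    """Split 'CHECK/MASK' into two bitmasks; CHECK must be a subset of MASK."""
    check, mask = spec.split("/")
    check_bits, mask_bits = flag_bits(check), flag_bits(mask)
    if check_bits & ~mask_bits:
        raise ValueError("flags in CHECK must also appear in MASK: " + spec)
    return check_bits, mask_bits


def spec_matches(pkt_letters, spec):
    """True if a packet carrying exactly pkt_letters satisfies the spec."""
    check_bits, mask_bits = parse_spec(spec)
    return (flag_bits(pkt_letters) & mask_bits) == check_bits


def matching_specs(pkt_letters):
    """All quoted rules a packet would hit; with 'quick', the first one wins."""
    return [s for s in QUOTED_SPECS if spec_matches(pkt_letters, s)]


if __name__ == "__main__":
    # Constructed samples: normal SYN, SYN/FIN, null (no flags), FIN/URG/PSH.
    for pkt in ["S", "SF", "", "FUP"]:
        print(repr(pkt), "->", matching_specs(pkt))
```

Note that packets belonging to an existing state never reach these rules; the evaluator only shows what the rules themselves would match.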