On 2/28/07, Jeremy C. Reed <[EMAIL PROTECTED]> wrote:
On Wed, 28 Feb 2007, Eduardo Meyer wrote:> I need write a PF rule that does what this IPFW rule do: > > deny log tcp from any to any tcpflags fin,!syn,!rst,!ack in > > Someone told me to do this: > > block drop log in quick from any to any flags F/SRA This means: look at the SYN, RST, ACK flags but only match if the SYN flag is set. I think you want: flags F/FSRA So it will also inspect for the FIN flag.
Translating to human lang, what I want is "look everywhere and match only packets with fin set but syn, rst and ack unset. How can I do the "unset" evaluation? -- =========== Eduardo Meyer pessoal: [EMAIL PROTECTED] profissional: [EMAIL PROTECTED] _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"
