On Sunday 05 October 2008 19:53:03 Scott Bennett wrote:
> I'm getting a lot of messages like this:
> Oct 4 14:30:00 hellas kernel: Limiting closed port RST response from 250
> to 200 packets/sec
> Is there some rule I can insert into /etc/pf.conf to reject these
> apparently invalid RST packets before they can bother TCP? At the same
> time, I do not want to reject legitimate RST packets.
> Thanks in advance for any clues!
Chances are pf is *creating* them. RST responses are used to signal that a
port is closed, which is what block-policy return does. Combined with default
block all, a simple portscan will generate this.
Switch to block-policy drop and set return for real denies, not default
Problem with today's modular software: they start with the modules
and never get to the software part.
email@example.com mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"