Dimitar Vassilev <[email protected]> writes:

> $tg_in on $ext_if inet proto udp from any to any port=syslog
> $tg_in on $ext_if from any to any flags P/FSRPAUEW
> $tg_in on $ext_if from any to any flags FPU/FSRPAUEW
> $tg_in on $ext_if from any to any flags FPU/FPU
> $tg_in on $ext_if from any to any flags /FSRA
> $tg_in on $ext_if from any to any flags FS/FSRA
> $tg_in on $ext_if from any to any flags FSPU/FSPRAU
> $tg_in on $ext_if from any to any flags FPU/FSRPAU
> $tg_in on $ext_if from any to any flags /FSRPAU
> $tg_in on $ext_if from any to any flags F/FSRA
> $tg_in on $ext_if from any to any flags U/FSRAU
> $tg_in on $ext_if from any to any flags S/FSRPAU
> $tg_in on $ext_if from any to any flags P/FSRPAU
> $tg_in on $ext_if from any to any flags A/A
> $tg_in on $ext_if from any to any flags P/P
Each time I see this or something like it, I'm equally baffled.

If you understand what this does and you can point to any actual benefit
compared to a simple 'block' default at the very top of your rule set,
please enlighten the rest of us.

Explain each of these lines, what they do in real life network traffic, and
do back it all up with tcpdump output (annotated if need be) and
reproducible numbers and statistics.

(otherwise, we will call it 'flags wanking', never mind the quick gushers)

- P

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
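To make the `flags check/mask` syntax in the quoted rules concrete, here is an added Python helper (not from the thread, and not pf's own code) that evaluates a packet's TCP flag set against each quoted spec. It assumes the documented pf semantics: only the bits named in the mask are compared, and of those exactly the bits named before the slash must be set; the sample packets are constructed.

```python
# Added example (not from the thread or from pf): evaluate a pf
# "flags check/mask" spec against a packet's TCP flag set.
# Semantics assumed: only the bits named in <mask> are compared, and of
# those, exactly the bits named in <check> must be set in the packet.

# TCP header flag bits under pf's one-letter names.
PF_FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
                "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}


def flags_to_bits(letters: str) -> int:
    """Convert a string of pf flag letters, e.g. "FS", to a TCP flag byte."""
    bits = 0
    for letter in letters:
        if letter not in PF_FLAG_BITS:
            raise ValueError(f"unknown TCP flag letter {letter!r}")
        bits |= PF_FLAG_BITS[letter]
    return bits


def pf_flags_match(packet_flags: str, spec: str) -> bool:
    """True if a packet carrying these flag letters matches the pf spec."""
    # "flags any" and the explicit check/mask form are supported; a check
    # bit that lies outside the mask can never match.
    if spec == "any":
        return True
    check, sep, mask = spec.partition("/")
    if not sep:
        raise ValueError("spec must be 'any' or 'check/mask', e.g. S/SA")
    return (flags_to_bits(packet_flags) & flags_to_bits(mask)) == flags_to_bits(check)


# The flag specs from the quoted rule set, in the order they appear.
QUOTED_SPECS = [
    "P/FSRPAUEW", "FPU/FSRPAUEW", "FPU/FPU", "/FSRA", "FS/FSRA",
    "FSPU/FSPRAU", "FPU/FSRPAU", "/FSRPAU", "F/FSRA", "U/FSRAU",
    "S/FSRPAU", "P/FSRPAU", "A/A", "P/P",
]


def matching_specs(packet_flags: str) -> list:
    """Which of the quoted specs a packet with these flags would hit."""
    return [s for s in QUOTED_SPECS if pf_flags_match(packet_flags, s)]


if __name__ == "__main__":
    # Constructed samples: a connection-opening SYN, a data segment from an
    # established session (PSH+ACK), and a segment with no flags set at all.
    for flags in ("S", "PA", ""):
        print(f"flags {flags or '(none)'}: {matching_specs(flags)}")
```

Run against the constructed samples, the plain SYN hits only `S/FSRPAU`, the PSH+ACK data segment hits both `A/A` and `P/P`, and the flagless segment hits both `/FSRA` and `/FSRPAU`, which shows how much of the list overlaps with ordinary established-connection traffic or with itself.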

