On Wed, Dec 11, 2002 at 03:07:20PM +0100, Saad Kadhi wrote:
> Last time I checked QualysGuard(tm), a 'block in quick on $external_if
> proto tcp from any to any flags FUP' stopped them from fingerprinting
> the OS. That said, they also reported that PF (as of 3.0) was vulnerable
> to packet fragmentation (indeed I had scrub activated. see
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=101541311510238&w=2).

If you really want it...

block in log quick proto tcp all flags SF/SFRA
block in log quick proto tcp all flags SFUP/SFRAU
block in log quick proto tcp all flags FPU/SFRAUP
block in log quick proto tcp all flags /SFRA
block in log quick proto tcp all flags F/SFRA
block in log quick proto tcp all flags U/SFRAU
block in log quick proto tcp all flags P

-- 
gustavo

DCCC F540 C429 5636 EECF 5816 28E6 792E D820 15DE
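How the `flags set/mask` rules in the message above sort TCP flag combinations, as an added example that is not part of the original post. It assumes pf's match test is "(packet flags AND mask) equals set" and that the first matching rule decides because every rule is `quick`; the seventh rule (`flags P`, no mask) is left out, and the function names and sample flag strings are constructed for illustration.

```python
# TCP header flag bits, keyed by the letters pf uses.
BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}

# The six rules from the post that carry an explicit mask, in order.
# "flags P" (no mask) is omitted.
RULES = ["SF/SFRA", "SFUP/SFRAU", "FPU/SFRAUP", "/SFRA", "F/SFRA", "U/SFRAU"]

def to_bits(letters):
    """Turn a string such as "SA" into a bitmask; "" is the NULL packet."""
    value = 0
    for ch in letters:
        value |= BITS[ch]
    return value

def parse_spec(spec):
    """Split "set/mask" (or "/mask") into two bitmasks."""
    want, sep, mask = spec.partition("/")
    if not sep or not mask:
        raise ValueError("expected set/mask or /mask: %r" % spec)
    return to_bits(want), to_bits(mask)

def matches(spec, packet_flags):
    """Assumed pf test: the packet's flags, restricted to mask, equal set."""
    want, mask = parse_spec(spec)
    return (to_bits(packet_flags) & mask) == want

def first_match(packet_flags, rules=RULES):
    """Every rule is 'quick', so the first matching rule decides."""
    for spec in rules:
        if matches(spec, packet_flags):
            return spec
    return None

def dead_rules(rules=RULES):
    """Specs whose set names a flag outside the mask can never match."""
    dead = []
    for spec in rules:
        want, mask = parse_spec(spec)
        if want & ~mask:
            dead.append(spec)
    return dead

if __name__ == "__main__":
    # Constructed flag combinations: scan-style probes, then normal traffic.
    for pkt in ["SF", "FPU", "", "F", "U", "S", "SA", "A", "PA", "FA"]:
        print("%-4s -> %s" % (pkt or "NULL", first_match(pkt) or "not blocked"))
    print("never match:", dead_rules())
```

Under that assumed comparison, `dead_rules()` reports `SFUP/SFRAU`, because P is in the set but not in the mask; a SYN+FIN+URG+PSH packet is still caught by the first rule.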
