| Is it possible to explicitly deny specific incoming tcp flag possibilities as a single variable? I know I could set up ten different rules, but I understand this may run quicker, even if the difference isn't noticable it seems much cleaner. It's hard to ask the question... in other words, will the following work? Does pf syntax allow this? BadTCPFlags="{ FUP, FUP/FUP, SF/SFRA, /SFRA, F/SFRA, U/SFRAU, P, \ FS/FS, FSRPAU, /FSRPAU }" block in quick proto tcp all flags $BadTCPFlags TIA, Adam Wenzel |
- Re: grouped tcp flags HKSPKS
- Re: grouped tcp flags jared r r spiegel
- Re: grouped tcp flags pb
- Re: grouped tcp flags Daniel Hartmeier
- Re: grouped tcp flags HKSPKS
- Re: grouped tcp flags Philipp Buehler
- Re: grouped tcp flags Max Laier
- Re: grouped tcp flags Philipp Buehler
- Re: grouped tcp flags Max Laier
- Re: grouped tcp flags Mike Pechkin
