> > Agreed, but a quick block on some of the common nmap flags on the very top
> > of your ruleset can save you some time (right?) Esp. when somebody went mad,
> > has a big pipe and found out about insane-nmap timing.
> > *sigh*
>
> And all other tcp packets (which are most likely to happen more often)
> evaluate through all that shit every time? Great gain after all, eh?
>
I didn't test/benchmark/analyse it ... did you? It's just a bitmask after all.

max
