Hello Henning, Tuesday, July 22, 2003, 5:46:54 PM, you wrote:
Henning> On Tue, Jul 22, 2003 at 09:43:18PM +0100, Dom De Vitto wrote: >> Henning, >> Can you expand on "I consider this flags filtering stupid.", do you >> mean using S/SA is good, bad, or do you mean something else? Henning> I mean that I consider every rule with the "flags" keyword Henning> stupid. It is useless. Henning> I explained that before, please somebody dig that mail out ;-) I guess he referres to a discussion over which set of flags was the correct to use (I can't remember but I think I was actually guilty of insisting on the topic). It seems to start in this thread: http://marc.theaimsgroup.com/?l=openbsd-pf&m=103947548417842&w=2 Basically, I think he refers to the use of 'flags' as being no effective to block attacks. I don't think he refers to stateful filtering. Which are very related but don't need to actually be used together (think). But look at this: http://marc.theaimsgroup.com/?l=openbsd-pf&m=103962333222121&w=2 and this: http://marc.theaimsgroup.com/?l=openbsd-pf&m=105854349422120&w=2 So I would take my own opinion with a grain of salt :-) -- Best regards, Alejandro Belluscio
