On Tue, 6 Sep 2005 17:56:40 +0200 "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
> I have an important question: > it's possible to define a filter that have as srcaddr or dstaddr > all ip-address different from a host or a subnet? this does not make a whole lot of sense. you could however make a filter rule like this: pass in on $interface from 10.10.10.0/24 to any pf filters at layer 3, which means it's above the ethernet layer, unless it's a bridge, but it's still a layer 3 bridge all the same. i do not think you can filter packets based on their subnet mask. you certainly cant filter on host name, why would you want to? a dns attack is not too hard, there are many bugs in bind. -- http://edd.link9.net - http://irc.is-cool.net
