> # Block bad tcp flags from malicious people and nmap scans
> block in log quick on $ext_if proto tcp from any to any flags /S
> block in log quick on $ext_if proto tcp from any to any flags /SFRA
> block in log quick on $ext_if proto tcp from any to any flags /SFRAU
> block in log quick on $ext_if proto tcp from any to any flags A/A
> block in log quick on $ext_if proto tcp from any to any flags F/SFRA
> block in log quick on $ext_if proto tcp from any to any flags U/SFRAU
> block in log quick on $ext_if proto tcp from any to any flags SF/SF
> block in log quick on $ext_if proto tcp from any to any flags SF/SFRA
> block in log quick on $ext_if proto tcp from any to any flags SR/SR
> block in log quick on $ext_if proto tcp from any to any flags FUP/FUP
> block in log quick on $ext_if proto tcp from any to any flags FUP/SFRAUPEW
> block in log quick on $ext_if proto tcp from any to any flags SFRAU/SFRAU
> block in log quick on $ext_if proto tcp from any to any flags SFRAUP/SFRAUP
I'm not sure of how many, but some of these are blocked by scrubbing.
Well, the standard config doesn't do the same job as these rules. Test
it and enjoy :-)
--
Key fingerprint = 9864 E575 E207 FB90 44C8 26A2 0167 E57E 66ED 0F1D
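
Added example, not part of the original messages: a small Python model of pf's `flags set/mask` test that replays the quoted rules in order against TCP flag combinations to show which rule a packet hits first. It assumes the packet matched no existing state entry and that `quick` stops evaluation at the first matching rule; the function names and the sample packets are constructed for illustration.

```python
# Model of pf's "flags <set>/<mask>" test, per pf.conf(5):
# a packet matches when (its flags AND mask) == set.
FLAG_LETTERS = "FSRPAUEW"  # FIN SYN RST PUSH ACK URG ECE CWR

# The flag specs from the quoted ruleset, in the order they appear.
RULES = ["/S", "/SFRA", "/SFRAU", "A/A", "F/SFRA", "U/SFRAU", "SF/SF",
         "SF/SFRA", "SR/SR", "FUP/FUP", "FUP/SFRAUPEW", "SFRAU/SFRAU",
         "SFRAUP/SFRAUP"]

def parse_spec(spec):
    """Split 'set/mask' into two frozensets; an empty set means 'none set'."""
    want, sep, mask = spec.partition("/")
    if not sep or not mask or set(want + mask) - set(FLAG_LETTERS):
        raise ValueError(f"bad flags spec: {spec!r}")
    return frozenset(want), frozenset(mask)

def matches(spec, pkt_flags):
    """True if a packet carrying pkt_flags satisfies the flags spec."""
    want, mask = parse_spec(spec)
    return frozenset(pkt_flags) & mask == want

def first_match(pkt_flags, rules=RULES):
    """Spec of the first matching rule (the one 'quick' acts on), or None."""
    return next((s for s in rules if matches(s, pkt_flags)), None)

def shadowed_rules(rules=RULES):
    """Rules that are never the first match for any of the 256 flag sets."""
    hit = set()
    for bits in range(1 << len(FLAG_LETTERS)):
        pkt = [l for i, l in enumerate(FLAG_LETTERS) if bits >> i & 1]
        hit.add(first_match(pkt, rules))
    return [s for s in rules if s not in hit]

if __name__ == "__main__":
    # Constructed sample packets: name -> TCP flags set on the packet.
    samples = {"NULL": "", "FIN": "F", "Xmas": "FPU", "SYN": "S",
               "SYN+FIN": "SF", "SYN+RST": "SR", "SYN+ACK": "SA", "ACK": "A"}
    for name, flags in samples.items():
        print(f"{name:8} first matching rule: {first_match(flags)}")
    print("never the first match:", shadowed_rules())
```

In this model every packet without SYN stops at the first rule (`flags /S`), so only four of the thirteen rules are ever the one that fires, and a plain SYN matches none of them.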