Reference: http://www.benzedrine.cx/ackpri.html
One of the rules in that document is:
pass out on $ext_if proto tcp from $ext_if to any flags S/SA \
keep state queue (q_def, q_pri)
But, this is from the pf.conf man page:
flags <a>/<b> | /<b>
This rule only applies to TCP packets that have the flags <a>
set out of set <b>. Flags not specified in <b> are ignored.
..
flags S/SA Out of SYN and ACK, exactly SYN may be set. SYN,
SYN+PSH and SYN+RST match, but SYN+ACK, ACK and ACK+RST
do not. This is more restrictive than the previous example.
..
Doesn't the pf rule listed above actually filter SYN packets and *not*
ACK packets? Would the correct syntax, according to the pf.conf man
page, for filtering ACK packets be:
A/SAP
Translation: Mask everything put SYN, ACK, and PUSH but select packets
with only the ACK bit set. Ignore packets with SYN+ACK or ACK+PUSH.
Am I misreading the man page?
--
---
Nathan Valentine - [EMAIL PROTECTED]
Systems/Network Admin
415.561.6780
Discovery Mining, Inc. - http://www.discoverymining.com
