Re: ipfw drop packets based on SYN TTL
Is this similar to the following kernel configuration?

    options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN

Thanks!
Bruce.

To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: ipfw drop packets based on SYN TTL
On Mon, Aug 14, 2000 at 06:44:28PM -0400, Bruce Petro wrote:

> Is this similar to the following kernel configuration?
>
>     options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN

Not at all. The original poster is looking to drop all packets with a certain tcp syn#, where the TCP_DROP_SYNFIN option (and you must turn on the corresponding sysctl for it to be enabled) drops all packets with both the "syn" and "fin" flags set.

functionally equivalent to:

    ipfw add drop tcp from any to any tcpflags syn,fin

--
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
[EMAIL PROTECTED] / [EMAIL PROTECTED]
Re: ipfw drop packets based on SYN TTL
No, TTL is in the IP header while SYN and FIN are TCP flags.

On Mon, 14 Aug 2000, Bruce Petro wrote:

> Is this similar to the following kernel configuration?
>
>     options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
>
> Thanks!
> Bruce.
Re: ipfw drop packets based on SYN TTL
> Hi, I need to drop packets using ipfw based on the value of TTL and the value of TTL on a 2.2.8-stable system. It seems ipfw does not support this, what options do I have?

If you use IP Filter, this should "just work". You won't have to upgrade your system to FreeBSD 4.x/5.x either. I still use FreeBSD 2.2.X with current versions of IP Filter with no trouble.

The syntax would be:

    block in ttl 1 proto tcp all flags S/S

to block all TCP packets with the SYN bit set and a TTL of 1.

Darren
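The point made in this thread, that TTL is an IP-header field while SYN and FIN are TCP-header flags, as an added C example (not code from the thread, ipfw or IP Filter): one function applies both tests to a raw IPv4 packet, covering a rule like `block in ttl 1 proto tcp all flags S/S` and one like `tcpflags syn,fin`. The names `ttl_flag_rule`, `rule_matches` and `make_packet` are hypothetical, the mask/value flag comparison is this example's model of those rules, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TH_FIN 0x01
#define TH_SYN 0x02

/* Hypothetical rule: match IPv4/TCP packets by TTL and masked TCP flags. */
struct ttl_flag_rule {
    int     ttl;        /* TTL to match, or -1 for any TTL */
    uint8_t flag_mask;  /* which TCP flag bits to examine */
    uint8_t flag_value; /* required value of the examined bits */
};

/* Returns 1 if the raw IPv4 packet matches the rule, 0 otherwise. */
int rule_matches(const struct ttl_flag_rule *r, const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return 0;                   /* not a complete IPv4 header */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl)
        return 0;                   /* bogus or truncated header length */
    if (pkt[9] != 6)
        return 0;                   /* protocol is not TCP */
    if (r->ttl >= 0 && pkt[8] != r->ttl)
        return 0;                   /* TTL is byte 8 of the IP header */
    if ((((pkt[6] & 0x1f) << 8) | pkt[7]) != 0)
        return 0;                   /* later fragment: no TCP header here */
    if (len < ihl + 14)
        return 0;                   /* TCP header cut off before the flags */
    uint8_t flags = pkt[ihl + 13];  /* flags are byte 13 of the TCP header */
    return (flags & r->flag_mask) == r->flag_value;
}

/* Constructed sample: fills buf (>= 40 bytes) with a minimal IPv4+TCP packet. */
size_t make_packet(uint8_t *buf, uint8_t ttl, uint8_t tcp_flags)
{
    memset(buf, 0, 40);
    buf[0]  = 0x45;       /* version 4, IHL 5 (20-byte IP header) */
    buf[3]  = 40;         /* total length */
    buf[8]  = ttl;
    buf[9]  = 6;          /* protocol TCP */
    buf[32] = 0x50;       /* TCP data offset 5 */
    buf[33] = tcp_flags;
    return 40;
}
```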
ipfw drop packets based on SYN TTL
Hi,

I need to drop packets using ipfw based on the value of TTL and the value of TTL on a 2.2.8-stable system. It seems ipfw does not support this, what options do I have?

thanks
Re: ipfw drop packets based on SYN TTL
On Sat, 12 Aug 2000, FengYue wrote:

> Hi, I need to drop packets using ipfw based on the value of TTL and the value of TTL on a 2.2.8-stable system. It seems

^^^ I meant SYN
Re: ipfw drop packets based on SYN TTL
On Sat, Aug 12, 2000 at 12:06:24PM -0700, FengYue wrote:

> > Hi, I need to drop packets using ipfw based on the value of TTL and the value of TTL on a 2.2.8-stable system. It seems
>
> ^^^ I meant SYN

Okay, then I already wrote this and just haven't committed it. I will within the next week, but again, you'll have to upgrade to 5.x/4.x

--
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
[EMAIL PROTECTED] / [EMAIL PROTECTED]
Re: ipfw drop packets based on SYN TTL
At 05:34 PM 8/12/00 -0400, Bill Fumerola wrote:

> On Sat, Aug 12, 2000 at 12:03:15PM -0700, FengYue wrote:
>
> > Hi, I need to drop packets using ipfw based on the value of TTL and the value of TTL on a 2.2.8-stable system. It seems ipfw does not support this, what options do I have?

Why don't you just hack the IP code? It's a lot easier than upgrading.

DB
Re: ipfw drop packets based on SYN TTL
On Sat, 12 Aug 2000, Dennis wrote:

> At 05:34 PM 8/12/00 -0400, Bill Fumerola wrote:
>
> > On Sat, Aug 12, 2000 at 12:03:15PM -0700, FengYue wrote:
> >
> > > Hi, I need to drop packets using ipfw based on the value of TTL and the value of TTL on a 2.2.8-stable system. It seems ipfw does not support this, what options do I have?
>
> Why don't you just hack the IP code? It's a lot easier than upgrading.
>
> DB

That's what I'm going to do :). Thanks people, and Bill, it's very nice that we're going to have those options in 4.x/5.x.