Date: Wed, 28 Feb 2007 16:48:37 -0300 From: "Eduardo Meyer" <dudu.meyer@gmail.com> To: freebsd-pf@freebsd.org Subject: Re: flags tcp and abscence of flag Message-ID: <d3ea75b30702281148q41a585c7s7ec1f4d3361be554@mail.gmail.com> In-Reply-To: <Pine.NEB.4.64.0702281336230.1764@glacier.reedmedia.net> References: <d3ea75b30702281111q1160f097oc07e135e4d4d52c3@mail.gmail.com> <Pine.NEB.4.64.0702281336230.1764@glacier.reedmedia.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2/28/07, Jeremy C. Reed <reed@reedmedia.net> wrote: > On Wed, 28 Feb 2007, Eduardo Meyer wrote: > > > I need write a PF rule that does what this IPFW rule do: > > > > deny log tcp from any to any tcpflags fin,!syn,!rst,!ack in > > > > Someone told me to do this: > > > > block drop log in quick from any to any flags F/SRA > > This means: look at the SYN, RST, ACK flags but only match if the SYN flag > is set. > > I think you want: > > flags F/FSRA > > So it will also inspect for the FIN flag. Translating to human lang, what I want is "look everywhere and match only packets with fin set but syn, rst and ack unset. How can I do the "unset" evaluation? -- =========== Eduardo Meyer pessoal: dudu.meyer@gmail.com profissional: ddm.farmaciap@saude.gov.br
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d3ea75b30702281148q41a585c7s7ec1f4d3361be554>