flags tcp and absence of flag
Jeremy C. Reed
reed at reedmedia.net
Wed Feb 28 19:42:47 UTC 2007
On Wed, 28 Feb 2007, Eduardo Meyer wrote:
> I need to write a PF rule that does what this IPFW rule does:
>
> deny log tcp from any to any tcpflags fin,!syn,!rst,!ack in
>
> Someone told me to do this:
>
> block drop log in quick from any to any flags F/SRA

This means: look at the SYN, RST, ACK flags but only match if the SYN flag
is set.

I think you want:

flags F/FSRA

So it will also inspect for the FIN flag.

Scrubbing will change this too.

> But as far as I read the PF FAQ and man page, this is incorrect.
> However I did not find a way to make a rule with absence of a flag,
> just like the !flag on ipfw.
>
> Can someone please convert this simple ipfw rule to pf?

Jeremy C. Reed
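
The two flag specifications discussed in this thread can be compared against the ipfw rule by brute force over every TCP flag combination. This is an added example, not code from the thread or from pf or ipfw; it assumes the `flags a/b` semantics given in pf.conf(5) (of the flags in b, exactly the flags in a are set), and all helper names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* TCP header flag bits (standard values). */
enum { F_FIN = 0x01, F_SYN = 0x02, F_RST = 0x04, F_PSH = 0x08, F_ACK = 0x10, F_URG = 0x20 };

/* Convert pf flag letters (F S R P A U) to a bitmask; stops at '/' or end of string. */
static unsigned letters(const char *s) {
    static const char names[] = "FSRPAU";   /* position in string == bit number */
    unsigned bits = 0;
    for (; *s && *s != '/'; s++) {
        const char *p = strchr(names, *s);
        if (p) bits |= 1u << (p - names);
    }
    return bits;
}

/* Assumed pf semantics for "flags a/b": (th_flags & b) == a. Flags outside b are ignored. */
static int pf_match(const char *spec, unsigned th_flags) {
    const char *slash = strchr(spec, '/');
    if (!slash) return 0;                   /* this helper requires an explicit mask */
    return (th_flags & letters(slash + 1)) == letters(spec);
}

/* ipfw "tcpflags fin,!syn,!rst,!ack": FIN set, SYN/RST/ACK clear, PSH/URG ignored. */
static int ipfw_match(unsigned th_flags) {
    return (th_flags & F_FIN) && !(th_flags & (F_SYN | F_RST | F_ACK));
}

/* Number of the 64 possible flag combinations that the pf spec matches. */
static int count_matches(const char *spec) {
    int n = 0;
    for (unsigned f = 0; f < 64; f++) n += pf_match(spec, f);
    return n;
}

/* Number of flag combinations where the pf spec and the ipfw rule disagree. */
static int count_disagreements(const char *spec) {
    int n = 0;
    for (unsigned f = 0; f < 64; f++) n += (pf_match(spec, f) != ipfw_match(f));
    return n;
}

int main(void) {
    const char *specs[] = { "F/SRA", "F/FSRA" };
    for (int i = 0; i < 2; i++)
        printf("%-7s matches=%d disagreements_with_ipfw=%d\n",
               specs[i], count_matches(specs[i]), count_disagreements(specs[i]));
    return 0;
}
```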