flags tcp and absence of flag

Eduardo Meyer dudu.meyer at gmail.com
Wed Mar 7 15:36:38 UTC 2007


On 3/1/07, Daniel Hartmeier <daniel at benzedrine.cx> wrote:
> On Wed, Feb 28, 2007 at 04:48:37PM -0300, Eduardo Meyer wrote:
>
> > Translating to human lang, what I want is "look everywhere and match
> > only packets with fin set but syn, rst and ack unset."
> >
> > How can I do the "unset" evaluation?
>
> "flags F/FSRA" does precisely that. It is not the same as "flags F/F",
> which would only test whether FIN is set.
>
> Daniel
>

Thank you Daniel, this is what I wanted to understand.

I wish I could read "check within <b> flags if <a> flags are set. The
ones present in <b> but not in <a> shall be unset for the rule to
match." on the man page, since now I see I lacked a good interpretation
of the man page.

Thanks to everyone who pointed me only to trust the "scrub" action, but
in my situation I can't just cast a spell and hope things get
automagically done. I need independent and accounted rules for a
number of invalid flag combinations.

-- 
===========
Eduardo Meyer
personal: dudu.meyer at gmail.com
professional: ddm.farmaciap at saude.gov.br
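
The `flags <a>/<b>` test discussed in this thread, written out as an added example (it is not part of the original messages and is not pf's own source): only the bits named in `<b>` are examined, and of those exactly the ones in `<a>` must be set. The function names and the sample flag bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Turn a run of pf.conf flag letters into a bitmask; -1 on an unknown letter.
 * Bit order is the TCP header's: FIN SYN RST PSH ACK URG ECE CWR. */
static int parse_letters(const char *s, size_t n, uint8_t *out) {
    static const char letters[] = "FSRPAUEW";
    *out = 0;
    for (size_t i = 0; i < n; i++) {
        const char *p = memchr(letters, s[i], 8);
        if (!p) return -1;
        *out |= (uint8_t)(1u << (p - letters));
    }
    return 0;
}

/* Split "a/b" into set (a) and mask (b). Rejecting a spec where a is not
 * contained in b is this example's choice: such a rule could never match. */
int parse_flags_spec(const char *spec, uint8_t *set, uint8_t *mask) {
    const char *slash = strchr(spec, '/');
    if (!slash) return -1;
    if (parse_letters(spec, (size_t)(slash - spec), set) != 0) return -1;
    if (parse_letters(slash + 1, strlen(slash + 1), mask) != 0) return -1;
    if (*mask == 0 || (*set & ~*mask) != 0) return -1;
    return 0;
}

/* 1 = packet matches, 0 = no match, -1 = invalid spec.
 * Only bits named in b are examined, and of those exactly a must be set. */
int flags_match(const char *spec, uint8_t tcp_flags) {
    uint8_t set, mask;
    if (parse_flags_spec(spec, &set, &mask) != 0) return -1;
    return (tcp_flags & mask) == set;
}

int main(void) {
    /* Constructed flag bytes: FIN, FIN+ACK, FIN+PSH+URG, SYN+FIN */
    const uint8_t samples[] = { 0x01, 0x11, 0x29, 0x03 };
    for (size_t i = 0; i < sizeof samples; i++)
        printf("0x%02x  F/F=%d  F/FSRA=%d\n", samples[i],
               flags_match("F/F", samples[i]), flags_match("F/FSRA", samples[i]));
    return 0;
}
```

FIN+PSH+URG still matches `F/FSRA` because PSH and URG are outside the mask; a rule meant to account for that combination needs those letters in `<b>` as well.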

