pf vs. RST attack question
James Seward
jamesoff at gmail.com
Mon Oct 6 13:44:56 UTC 2008
On Mon, Oct 6, 2008 at 12:51 PM, Jeremy Chadwick <koitsu at freebsd.org> wrote:
> I've never gotten a definite answer as to what happens if you use "flags
> S/SA" on a rule that is for UDP, since UDP is a non-negotiated protocol.
> That's why I split them up per protocol on RELENG_6 boxes.

It intelligently ignores it:

% pfctl -vn -f-
pass out proto { tcp udp } all flags S/SA keep state

Output:

pass out proto tcp all flags S/SA keep state
pass out proto udp all keep state

/JMS