ipfw established option

Muk Dunkin mukden at yahoo.com
Wed Jul 20 02:45:39 GMT 2005


Hi all,

According to the man page, setting the ipfw
established option matches TCP packets that have the
RST or ACK bits set.  But from looking at the source
ip_fw2.c, it only rejects packets with SYN only, but
allows packets with NO flag bits set and packets with
URG/PSH/FIN.

        /* reject packets which have SYN only */
        /* XXX should i also check for TH_ACK ? */
        match = (proto == IPPROTO_TCP && offset == 0 &&
            (L3HDR(struct tcphdr,ip)->th_flags &
             (TH_RST | TH_ACK | TH_SYN)) != TH_SYN);

Is this a bug, or is that part of the design?

thx
Mukden
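
An added example, not part of the original post or of the FreeBSD source: it enumerates all 64 combinations of the six TCP flag bits and compares the flag test from the quoted ip_fw2.c excerpt with the man page wording as the post states it (RST or ACK set). The function names are hypothetical, and the proto == IPPROTO_TCP and offset == 0 conditions are assumed to hold.

```c
#include <stdint.h>
#include <stdio.h>

/* TCP flag bits as defined in <netinet/tcp.h>; repeated so this builds anywhere. */
#define TH_FIN  0x01
#define TH_SYN  0x02
#define TH_RST  0x04
#define TH_PUSH 0x08
#define TH_ACK  0x10
#define TH_URG  0x20

/* Flag test from the ip_fw2.c excerpt quoted in the post (hypothetical name). */
static int established_src(uint8_t flags)
{
    return (flags & (TH_RST | TH_ACK | TH_SYN)) != TH_SYN;
}

/* Man page wording as quoted in the post: RST or ACK bit set (hypothetical name). */
static int established_man(uint8_t flags)
{
    return (flags & (TH_RST | TH_ACK)) != 0;
}

/* Count the flag combinations on which the two tests disagree; print them if verbose. */
static int count_disagreements(int verbose)
{
    int n = 0;
    for (unsigned f = 0; f < 0x40; f++) {   /* all 64 values of the six flag bits */
        int s = established_src((uint8_t)f), m = established_man((uint8_t)f);
        if (s == m)
            continue;
        n++;
        if (verbose)
            printf("flags=0x%02x %c%c%c%c%c%c source=%d manpage=%d\n", f,
                   (f & TH_URG) ? 'U' : '-', (f & TH_ACK) ? 'A' : '-',
                   (f & TH_PUSH) ? 'P' : '-', (f & TH_RST) ? 'R' : '-',
                   (f & TH_SYN) ? 'S' : '-', (f & TH_FIN) ? 'F' : '-', s, m);
    }
    return n;
}

int main(void)
{
    printf("%d of 64 flag combinations differ\n", count_disagreements(1));
    return 0;
}
```

The combinations it prints are the ones with SYN, RST and ACK all clear, which the source expression matches and the man page wording does not.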



		


More information about the freebsd-ipfw mailing list