From owner-freebsd-questions@FreeBSD.ORG Tue Mar 2 10:33:17 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8D24016A4CE for ; Tue, 2 Mar 2004 10:33:17 -0800 (PST) Received: from gateway.home.ricin.net (cp464173-a.dbsch1.nb.home.nl [212.204.145.167]) by mx1.FreeBSD.org (Postfix) with ESMTP id A5BAD43D41 for ; Tue, 2 Mar 2004 10:33:16 -0800 (PST) (envelope-from danny@ricin.com) Received: from workstation.home.ricin.net (workstation.home.ricin.net [172.16.32.66]) by gateway.home.ricin.net (Postfix) with ESMTP id 4520A24D09; Tue, 2 Mar 2004 19:33:15 +0100 (CET) From: Danny Pansters To: freebsd-questions@freebsd.org Date: Tue, 2 Mar 2004 19:33:14 +0100 User-Agent: KMail/1.6 References: <4044C412.1070207@ste-land.com> In-Reply-To: <4044C412.1070207@ste-land.com> MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200403021933.14816.danny@ricin.com> cc: "Shaun T. Erickson" Subject: Re: How do I test for NO tcp flags being set, in ipfilter? (repost) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: danny@ricin.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2004 18:33:17 -0000 On Tuesday 02 March 2004 18:27, Shaun T. Erickson wrote: > How do I test for NO tcp flags being set, in ipfilter? You can filter on TCP flags but seems to me what you really mean is how to check for no TCP options ("nop") rather than no flags: 'with opt nop' is a syntax that should work. WRT flags, it's my understanding that every TCP packet has at least the A or S flag set. HTH, Dan