Date: Wed, 28 Feb 2007 13:42:42 -0600 (CST)
From: "Jeremy C. Reed" <reed@reedmedia.net>
To: Eduardo Meyer <dudu.meyer@gmail.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: flags tcp and abscence of flag
Message-ID: <Pine.NEB.4.64.0702281336230.1764@glacier.reedmedia.net>
In-Reply-To: <d3ea75b30702281111q1160f097oc07e135e4d4d52c3@mail.gmail.com>
References: <d3ea75b30702281111q1160f097oc07e135e4d4d52c3@mail.gmail.com>
On Wed, 28 Feb 2007, Eduardo Meyer wrote:

> I need to write a PF rule that does what this IPFW rule does:
>
> deny log tcp from any to any tcpflags fin,!syn,!rst,!ack in
>
> Someone told me to do this:
>
> block drop log in quick from any to any flags F/SRA

This means: look at the SYN, RST, ACK flags but only match if the SYN
flag is set.

I think you want:

flags F/FSRA

So it will also inspect for the FIN flag.

Scrubbing will change this too.

> But as far as I read the PF FAQ and man page, this is incorrect.
> However I did not find a way to make a rule with absence of a flag,
> just like the !flag on ipfw.
>
> Can someone please convert this simple ipfw rule to pf?

Jeremy C. Reed
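
Added example (not part of the original message, and not code from pf or ipfw): a small Python model of how pf's "flags a/b" and ipfw's "tcpflags" select packets, following the pf.conf(5) and ipfw(8) descriptions, used to compare the two pf specs from the thread against the ipfw rule over every possible TCP flag byte. The function names are made up for this illustration.

```python
# Added example: models the documented matching semantics of
# pf "flags a/b" and ipfw "tcpflags"; it does not call either tool.

# TCP header flag bits, keyed by pf's one-letter names.
PF_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
           "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}
# The flag names ipfw's tcpflags option accepts.
IPFW_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
             "psh": 0x08, "ack": 0x10, "urg": 0x20}


def _bits(letters):
    """Convert a string of pf flag letters to a bit mask."""
    value = 0
    for ch in letters:
        value |= PF_BITS[ch]
    return value


def pf_match(spec, th_flags):
    """pf 'flags a/b': of the flags in b, exactly those in a are set."""
    want, _, mask = spec.partition("/")
    return (th_flags & _bits(mask)) == _bits(want)


def ipfw_match(spec, th_flags):
    """ipfw 'tcpflags': listed flags set, '!'-prefixed flags clear."""
    for item in spec.split(","):
        name = item.strip()
        if name.startswith("!"):
            if th_flags & IPFW_BITS[name[1:]]:
                return False
        elif not th_flags & IPFW_BITS[name]:
            return False
    return True


def match_count(matcher, spec):
    """Number of the 256 possible flag bytes the spec matches."""
    return sum(matcher(spec, f) for f in range(256))


def equivalent(pf_spec, ipfw_spec):
    """True if both specs match exactly the same flag bytes."""
    return all(pf_match(pf_spec, f) == ipfw_match(ipfw_spec, f)
               for f in range(256))


if __name__ == "__main__":
    ipfw = "fin,!syn,!rst,!ack"
    for pf in ("F/SRA", "F/FSRA"):
        print(pf, match_count(pf_match, pf), equivalent(pf, ipfw))
```

The model only covers the flag comparison; as the reply notes, scrubbing also affects what such a rule sees.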
