From owner-freebsd-hackers Wed Jun 28 05:59:20 1995
Return-Path: hackers-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id FAA05532 for hackers-outgoing; Wed, 28 Jun 1995 05:59:20 -0700
Received: from mail.barrnet.net (mail.barrnet.net [131.119.246.7]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id FAA05526 for ; Wed, 28 Jun 1995 05:59:18 -0700
Received: from dataplex.net (SHARK.DATAPLEX.NET [199.183.109.241]) by mail.barrnet.net (8.6.10/MAIL-RELAY-LEN) with ESMTP id FAA05549 for ; Wed, 28 Jun 1995 05:59:17 -0700
Received: from [199.183.109.242] by dataplex.net with SMTP (MailShare 1.0b8); Wed, 28 Jun 1995 07:59:15 -0500
X-Sender: wacky@shark.dataplex.net
Message-Id:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Wed, 28 Jun 1995 07:59:15 -0500
To: lists@tar.com (Richard Seaman, Jr)
From: rkw@dataplex.net (Richard Wackerbarth)
Subject: Re: ipfw code
Cc: hackers@freebsd.org
Sender: hackers-owner@freebsd.org
Precedence: bulk

>On Tue, 27 Jun 1995 19:13:54 +0200 (MET DST) you wrote:
>
>>Currently, the ip_fw code has an option to block on packets with the
>>SYN flag set. I think this is useless as it basically blocks all tcp
>>traffic.
>

The ability to recognize certain packets also relates to the option to log
their occurrence. If you wish to log TCP connections, then you need to
recognize the connection as distinct from the continuing traffic.

Another reason to distinguish the packets is filtering efficiency. The bulk
of the packets are a continuation of an existing connection. If you allow the
already established connections to continue, the average number of tests per
packet can be greatly reduced.

----
Richard Wackerbarth
rkw@dataplex.net
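
The two points in the reply above, as an added illustration in C that is not part of the original message and is not the FreeBSD ip_fw code: a first-match rule walk that logs only connection-setup segments and counts rule tests per packet for two orderings of the same rules. The rule model, all names, and the ten-packet trace are constructed assumptions.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

#define TH_SYN 0x02   /* TCP header flag bits */
#define TH_ACK 0x10

/* Hypothetical rule model for illustration, not the ip_fw structures. */
enum match { ANY, SETUP, ESTABLISHED };      /* SETUP: SYN set, ACK clear */
struct rule { enum match m; uint16_t dport; int log; };   /* dport 0 = any */
struct pkt  { uint8_t flags; uint16_t dport; };

static int is_setup(uint8_t f) { return (f & (TH_SYN | TH_ACK)) == TH_SYN; }

/* First-match walk: returns how many rules were tested for this packet. */
static int classify(const struct rule *r, size_t n, struct pkt p, int *logged)
{
    for (size_t i = 0; i < n; i++) {
        int flags_ok = r[i].m == ANY || (r[i].m == SETUP) == is_setup(p.flags);
        if (flags_ok && (r[i].dport == 0 || r[i].dport == p.dport)) {
            *logged += r[i].log;
            return (int)i + 1;
        }
    }
    return (int)n;                            /* fell through to the default */
}

/* Same four rules in two orderings; only the port-25 setup rule logs. */
static const struct rule port_first[] = {
    { SETUP, 23, 0 }, { SETUP, 80, 0 }, { SETUP, 25, 1 }, { ESTABLISHED, 0, 0 } };
static const struct rule est_first[] = {
    { ESTABLISHED, 0, 0 }, { SETUP, 23, 0 }, { SETUP, 80, 0 }, { SETUP, 25, 1 } };

/* Constructed trace: one SYN to port 25, then nine ACK segments. */
static int run_trace(const struct rule *r, size_t n, int *logged)
{
    int tests = 0;
    *logged = 0;
    for (int i = 0; i < 10; i++) {
        struct pkt p = { (uint8_t)(i == 0 ? TH_SYN : TH_ACK), 25 };
        tests += classify(r, n, p, logged);
    }
    return tests;
}

int main(void)
{
    int logged;
    int a = run_trace(port_first, 4, &logged);
    int b = run_trace(est_first, 4, &logged);
    printf("rule tests for 10 packets: %d vs %d, log entries: %d\n", a, b, logged);
    return 0;
}
```

Both orderings produce one log entry for the connection rather than one per packet; moving the established-traffic rule to the front is what changes the number of tests.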