Date: Wed, 7 Mar 2007 12:36:36 -0300
From: "Eduardo Meyer" <dudu.meyer@gmail.com>
To: freebsd-pf@freebsd.org
Subject: Re: flags tcp and abscence of flag
Message-ID: <d3ea75b30703070736s511a93c9x451e107f613370c5@mail.gmail.com>
In-Reply-To: <20070301083627.GA16493@insomnia.benzedrine.cx>
References: <d3ea75b30702281111q1160f097oc07e135e4d4d52c3@mail.gmail.com>
    <Pine.NEB.4.64.0702281336230.1764@glacier.reedmedia.net>
    <d3ea75b30702281148q41a585c7s7ec1f4d3361be554@mail.gmail.com>
    <20070301083627.GA16493@insomnia.benzedrine.cx>
On 3/1/07, Daniel Hartmeier <daniel@benzedrine.cx> wrote:
> On Wed, Feb 28, 2007 at 04:48:37PM -0300, Eduardo Meyer wrote:
>
> > Translating to human lang, what I want is "look everywhere and match
> > only packets with fin set but syn, rst and ack unset.
> >
> > How can I do the "unset" evaluation?
>
> "flags F/FSRA" does precisely that. It is not the same as "flags F/F",
> which would only test whether FIN is set.
>
> Daniel
>

Thank you Daniel, this is what I wanted to understand.

I wish I could read "check within <b> flags if <a> flags are set. The
ones present in <b> but not in <a> shall be unset for the rule to
match." on man page, since now I see I lacked a good interpretation
of the man page.

Thanks everyone who pointed me only to trust the "scrub" action, but in
my situation I can't just cast a spell and hope things get automagically
done. I need independent and accounted rules for a number of invalid
flags combination.

--
===========
Eduardo Meyer
pessoal: dudu.meyer@gmail.com
profissional: ddm.farmaciap@saude.gov.br
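
The <a>/<b> rule discussed in this message, written out as a small C sketch. This is an added example, not part of the original e-mail and not pf's source code; the function names are hypothetical, and rejecting a spec whose <a> is not a subset of <b> is a choice made here because such a spec could never match.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* pf.conf flag letters; index i is TCP header flag bit i (F=0x01 ... W=0x80). */
static const char FLAG_LETTERS[] = "FSRPAUEW";

/* Convert n flag letters to a bit mask; -1 on an unknown letter. */
static int letters_to_bits(const char *s, size_t n)
{
    int bits = 0;
    for (size_t i = 0; i < n; i++) {
        const char *p = memchr(FLAG_LETTERS, s[i], sizeof FLAG_LETTERS - 1);
        if (p == NULL)
            return -1;
        bits |= 1 << (int)(p - FLAG_LETTERS);
    }
    return bits;
}

/* Parse "<a>/<b>" into set (<a>) and mask (<b>). 0 on success, -1 on error. */
int parse_flags_spec(const char *spec, uint8_t *set, uint8_t *mask)
{
    const char *slash = strchr(spec, '/');
    if (slash == NULL)
        return -1;
    int a = letters_to_bits(spec, (size_t)(slash - spec));
    int b = letters_to_bits(slash + 1, strlen(slash + 1));
    if (a < 0 || b <= 0 || (a & ~b) != 0) /* bad letter, empty <b>, <a> not in <b> */
        return -1;
    *set = (uint8_t)a;
    *mask = (uint8_t)b;
    return 0;
}

/* 1 if th_flags matches the spec, 0 if not, -1 on a bad spec. */
int flags_match(const char *spec, uint8_t th_flags)
{
    uint8_t set, mask;
    if (parse_flags_spec(spec, &set, &mask) != 0)
        return -1;
    return (th_flags & mask) == set; /* flags outside <b> are ignored */
}

int main(void)
{
    /* Constructed sample packet: FIN|ACK = 0x11 */
    printf("F/FSRA: %d  F/F: %d\n", flags_match("F/FSRA", 0x11), flags_match("F/F", 0x11));
    return 0;
}
```

A FIN|PSH|URG packet (0x29) still matches "F/FSRA", because P and U are not listed in <b>; a rule that must also require those to be unset has to name them in the mask.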
