From: "Eduardo Meyer"
To: freebsd-pf@freebsd.org
Date: Wed, 7 Mar 2007 12:36:36 -0300
Subject: Re: flags tcp and abscence of flag

On 3/1/07, Daniel Hartmeier wrote:
> On Wed, Feb 28, 2007 at 04:48:37PM -0300, Eduardo Meyer wrote:
>
> > Translating to human lang, what I want is "look everywhere and match
> > only packets with fin set but syn, rst and ack unset.
> >
> > How can I do the "unset" evaluation?
>
> "flags F/FSRA" does precisely that. It is not the same as "flags F/F",
> which would only test whether FIN is set.
>
> Daniel
>

Thank you Daniel, this is what I wanted to understand.

I wish I could read "check within flags if flags are set. The ones present in but not in shall be unset for the rule to match." on the man page, since now I see I lacked a good interpretation of the man page.

Thanks everyone who pointed me only to trust the "scrub" action, but in my situation I can't just cast a spell and hope things get automagically done. I need independent and accounted rules for a number of invalid flag combinations.

--
===========
Eduardo Meyer
pessoal: dudu.meyer@gmail.com
profissional: ddm.farmaciap@saude.gov.br
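
The matching rule discussed in this message, as an added example that is not part of the original post and not pf's own code: a small evaluator for `flags <set>/<mask>` that shows why "F/FSRA" and "F/F" select different packets. The function names are hypothetical and the sample flag bytes are constructed.

```python
# Added illustration of pf's "flags <set>/<mask>" semantics; not pf source code.
# Function names are hypothetical; sample flag bytes are constructed.
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}
BIT_ORDER = "FSRPAUEW"

def to_bits(letters):
    """Convert pf.conf flag letters such as "FSRA" to a TCP flags bitmask."""
    bits = 0
    for ch in letters:
        if ch not in FLAG_BITS:
            raise ValueError(f"unknown TCP flag letter: {ch!r}")
        bits |= FLAG_BITS[ch]
    return bits

def parse_spec(spec):
    """Parse "F/FSRA" (or "/FSRA") into (must_be_set, mask)."""
    want, sep, mask = spec.partition("/")
    if not sep or not mask:
        raise ValueError("expected <set>/<mask>, e.g. F/FSRA")
    want_bits, mask_bits = to_bits(want), to_bits(mask)
    if want_bits & ~mask_bits:
        # A required flag outside the mask could never match; reject it here.
        raise ValueError("flags to the left of '/' must also appear in the mask")
    return want_bits, mask_bits

def matches(spec, tcp_flags):
    """Only mask bits are inspected; of those, exactly the <set> bits must be on."""
    want_bits, mask_bits = parse_spec(spec)
    return (tcp_flags & mask_bits) == want_bits

def describe(tcp_flags):
    """Render a flags byte as pf-style letters, or "-" when no flag is set."""
    return "".join(ch for ch in BIT_ORDER if tcp_flags & FLAG_BITS[ch]) or "-"

# Constructed samples: the flags byte of four TCP segments.
SAMPLES = [0x01,  # FIN alone
           0x11,  # FIN+ACK, an ordinary connection close
           0x03,  # SYN+FIN
           0x29]  # FIN+PSH+URG: PSH and URG lie outside the FSRA mask

def compare(specs, samples=SAMPLES):
    """Return {spec: [flag strings that the spec matches]}."""
    return {s: [describe(f) for f in samples if matches(s, f)] for s in specs}

if __name__ == "__main__":
    for spec, hit in compare(["F/F", "F/FSRA"]).items():
        print(f"flags {spec:7} matches: {', '.join(hit)}")
```

The FIN+PSH+URG sample still matches "F/FSRA" because PSH and URG are not in the mask and are therefore never inspected; a rule meant to tell that combination apart needs those letters in its mask as well.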