From: Darren Reed
Message-Id: <200008131436.AAA27300@avalon.reed.wattle.id.au>
Subject: Re: ipfw drop packets based on SYN &TTL
To: fengyue@bluerose.windmoon.nu
Date: Mon, 14 Aug 2000 00:36:47 +1000 (EST)
Cc: hackers@FreeBSD.ORG

> Hi, I need to drop packets using ipfw based on the value of
> TTL and the value of TTL on a 2.2.8-stable system. It seems
> ipfw does not support this, what options do I have?

If you use IP Filter, this should "just work". You won't have to
upgrade your system to FreeBSD 4.x/5.x either. I still use
FreeBSD 2.2.X with current versions of IP Filter with no trouble.

The syntax would be:

    block in ttl 1 proto tcp all flags S/S

to block all TCP packets with the SYN bit set and a TTL of 1.

Darren
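
What the rule above tests, as an added example (not part of the original message and not IP Filter's own code): a C function that applies the same conditions to a raw IPv4 packet, reading `flags S/S` as "examine only the SYN bit and require it set", so SYN+ACK also matches. The function names and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TH_SYN 0x02
#define TH_ACK 0x10

/* Hypothetical helper (the name is this example's own): returns 1 when a raw
 * IPv4 packet would match "block in ttl 1 proto tcp all flags S/S". */
int matches_ttl1_syn(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return 0;                          /* not a complete IPv4 header */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 14)
        return 0;                          /* TCP flags byte not present */
    if (pkt[8] != 1 || pkt[9] != 6)
        return 0;                          /* ttl 1, proto tcp */
    /* Only the first fragment carries the TCP header; this example treats
     * later fragments as non-matching. */
    if (((((unsigned)pkt[6] << 8) | pkt[7]) & 0x1fff) != 0)
        return 0;
    /* flags S/S: examine only the SYN bit (mask S) and require it set (S). */
    return (pkt[ihl + 13] & TH_SYN) == TH_SYN;
}

/* Builds a constructed 40-byte packet (20-byte IPv4 header + 20-byte TCP
 * header, addresses and ports zero) and runs the check on it. */
int check(uint8_t ttl, uint8_t proto, uint8_t tcpflags)
{
    uint8_t p[40] = {0};
    p[0] = 0x45;              /* version 4, IHL 5 */
    p[3] = 40;                /* total length */
    p[8] = ttl;
    p[9] = proto;
    p[32] = 0x50;             /* TCP data offset 5 */
    p[33] = tcpflags;
    return matches_ttl1_syn(p, sizeof p);
}

int main(void)
{
    printf("ttl=1  SYN      -> %d\n", check(1, 6, TH_SYN));
    printf("ttl=1  SYN+ACK  -> %d\n", check(1, 6, TH_SYN | TH_ACK));
    printf("ttl=1  ACK only -> %d\n", check(1, 6, TH_ACK));
    printf("ttl=64 SYN      -> %d\n", check(64, 6, TH_SYN));
    return 0;
}
```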