Subject: Re: Can ipf filter TCP packets based on the ACK bit?
To: None <tech-net@NetBSD.ORG>
From: Christos Zoulas <christos@zoulas.com>
List: tech-net
Date: 11/25/1997 08:28:10
In article <Pine.NEB.3.96.971124164735.11397A-100000@master.ibmcyrix.org> daemond@ibm.net writes:
>Hello all,
>
>I'm curious to know if ipf can filter TCP packets based on whether or not
>the ACK bit is on or off and if so how? Can someone send me an example?
>Thanx. L8r.
>
# Pass established connections.
pass in quick proto tcp all flags A/A
# Send back a reset for new connections on tcp.
block return-rst in quick proto tcp all flags S/SA
[this is from Kim's firewall]
christos