Hi all,
According to the man page, setting the ipfw
established option matches TCP packets that have the
RST or ACK bits set. But from looking at the source
ip_fw2.c, it only rejects packets with SYN only, but
allows packets with NO flag bits set and packets with
URG/PSH/FIN.
    /* reject packets which have SYN only */
    /* XXX should i also check for TH_ACK ? */
    match = (proto == IPPROTO_TCP && offset == 0 &&
        (L3HDR(struct tcphdr,ip)->th_flags &
         (TH_RST | TH_ACK | TH_SYN)) != TH_SYN);
Is this a bug, or is that part of the design?
thx
Mukden
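
Added example (not part of the original post and not code from ip_fw2.c): it runs every combination of the six TCP flag bits through the quoted test and through the man page wording as the post gives it, and lists where they differ. The function names are hypothetical, the TH_* values are defined locally, and the proto and offset checks are left out.

```c
#include <stdint.h>
#include <stdio.h>

/* TCP header flag bits (same values as the TH_* macros in <netinet/tcp.h>). */
#define TH_FIN  0x01
#define TH_SYN  0x02
#define TH_RST  0x04
#define TH_PUSH 0x08
#define TH_ACK  0x10
#define TH_URG  0x20

/* Flag test as quoted from ip_fw2.c in the post (proto/offset checks left out). */
static int established_src(uint8_t f)
{
    return (f & (TH_RST | TH_ACK | TH_SYN)) != TH_SYN;
}

/* The man page wording as the post gives it: RST or ACK is set. */
static int established_man(uint8_t f)
{
    return (f & (TH_RST | TH_ACK)) != 0;
}

/* Walk all 64 flag combinations and count those where the two tests differ. */
static int count_disagreements(int verbose)
{
    int n = 0;
    for (unsigned f = 0; f < 64; f++) {
        int s = established_src((uint8_t)f);
        int m = established_man((uint8_t)f);
        if (s == m)
            continue;
        n++;
        if (verbose)
            printf("0x%02x [%s%s%s%s%s%s] source=%d man=%d\n", f,
                   (f & TH_FIN) ? "F" : "-", (f & TH_SYN) ? "S" : "-",
                   (f & TH_RST) ? "R" : "-", (f & TH_PUSH) ? "P" : "-",
                   (f & TH_ACK) ? "A" : "-", (f & TH_URG) ? "U" : "-", s, m);
    }
    return n;
}

int main(void)
{
    printf("%d combinations differ\n", count_disagreements(1));
    return 0;
}
```

The combinations that differ are exactly those with SYN, RST and ACK all clear, with any mix of FIN, PSH and URG. SYN alone and SYN+FIN are rejected by both tests.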
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw