serial
/etc/rc.d/netif
/etc/rc.d/devd
/etc/rc.d/ipsec
/etc/rc.d/isdnd
/etc/rc.d/ppp
/etc/rc.d/ipfw
/etc/rc.d/nsswitch
/etc/rc.d/ip6addrctl
/etc/rc.d/atm2
/etc/rc.d/pfsync
/etc/rc.d/pflog
/etc/rc.d/pf
/etc/rc.d/routing
[...]
--
Simon L. Nielsen
deal with the problem.
mac_ifoff(4) might be a way to solve this problem, but it seems a bit
overkill to require MAC to handle this.
--
Simon L. Nielsen
tack accepted a SYN packet for
an established connection.
I would assume that pf's packet scrubbing would handle that and not
let a SYN packet through for an established connection?
--
Simon L. Nielsen
> block all
> > pass in on $ext_if inet proto tcp from any to ($ext_if) port
> > $tcp_services flags S/SA keep state
>
> DNS is UDP port 53, which you've blocked.
Well, more accurately... it's TCP and UDP, both port 53, though it
uses UDP most of the time.
--
Simon L. Nielsen