Re: The way forward.......
From: Steve Shorter (steve@nomad.lets.net)
Date: 01/28/03
Date: Tue, 28 Jan 2003 14:46:16 -0500 From: Steve Shorter <steve@nomad.lets.net> To: Darren Reed <avalon@coombs.anu.edu.au>
On Wed, Jan 29, 2003 at 02:52:53AM +1100, Darren Reed wrote:
>
> Well let me offer my completely biased opinion and say that unless you
> want/need to use dummynet, there's no reason to ever use ipfw :-)
>
Hmm ... what if I want to filter on tcpoptions? ipf
supports ipopts but I couldn't see anything about tcpoptions.

Reason .... Many SYN flood programs create packets
with missing MSS. So it is possible to filter these with the ipfw
rule

    add 100 deny tcp from someplace to someother tcpoptions !mss setup

Or if I can do this with IPFilter, how do I do it?

Sorry if I'm missing something.
-steve
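
Added example, not part of the original message and not ipfw code: a Python sketch of the test that the rule above expresses, "SYN set, ACK clear, no MSS option", applied to raw TCP header bytes. The function names, the sample segments and the choice to treat malformed option lists as non-matching are assumptions made for this illustration.

```python
import struct

TCP_SYN, TCP_ACK = 0x02, 0x10          # flag bits in byte 13 of the TCP header
OPT_EOL, OPT_NOP, OPT_MSS = 0, 1, 2    # TCP option kinds

def tcp_option_kinds(segment):
    """Return the option kinds present in a TCP header, or None if malformed."""
    if len(segment) < 20:
        return None
    header_len = (segment[12] >> 4) * 4           # data offset, 32-bit words
    if header_len < 20 or header_len > len(segment):
        return None
    opts, kinds, i = segment[20:header_len], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == OPT_EOL:                       # end of option list
            break
        if kind == OPT_NOP:                       # one-byte padding
            i += 1
            continue
        if i + 1 >= len(opts):                    # no room for a length byte
            return None
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):  # would overrun the header
            return None
        kinds.append(kind)
        i += length
    return kinds

def syn_without_mss(segment):
    """True for SYN-set, ACK-clear segments that carry no MSS option."""
    kinds = tcp_option_kinds(segment)
    if kinds is None:
        return False      # assumption: malformed headers go to other checks
    flags = segment[13]
    is_setup = bool(flags & TCP_SYN) and not (flags & TCP_ACK)
    return is_setup and OPT_MSS not in kinds

def build_tcp(flags, options=b""):
    """Constructed sample segment: 20-byte header plus zero-padded options."""
    options += b"\x00" * (-len(options) % 4)
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                       offset << 4, flags, 65535, 0, 0) + options

if __name__ == "__main__":
    print(syn_without_mss(build_tcp(TCP_SYN, b"\x02\x04\x05\xb4")))  # has MSS
    print(syn_without_mss(build_tcp(TCP_SYN)))                       # no options
```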