
grouped tcp flags



Is it possible to explicitly deny specific incoming tcp flag possibilities as a single variable?  I know I could set up ten different rules, but I understand this may run quicker, even if the difference isn't noticeable it seems much cleaner.  It's hard to ask the question... in other words, will the following work?  Does pf syntax allow this?

BadTCPFlags="{ FUP, FUP/FUP, SF/SFRA, /SFRA, F/SFRA, U/SFRAU, P, \
FS/FS, FSRPAU, /FSRPAU }"

block in quick proto tcp all flags $BadTCPFlags


TIA,

Adam Wenzel