
Re: Senseless Waste?



* [email protected] <[email protected]> [2004-06-11 20:43]:
> From some other rules files I noticed while scanning the web for
> pf-concerned pages: 
> 
> # Block bad tcp flags from malicious people and nmap scans
> block in log quick on $ext_if proto tcp from any to any flags /S
> block in log quick on $ext_if proto tcp from any to any flags /SFRA
> block in log quick on $ext_if proto tcp from any to any flags /SFRAU
> block in log quick on $ext_if proto tcp from any to any flags A/A
> block in log quick on $ext_if proto tcp from any to any flags F/SFRA
> block in log quick on $ext_if proto tcp from any to any flags U/SFRAU
> block in log quick on $ext_if proto tcp from any to any flags SF/SF
> block in log quick on $ext_if proto tcp from any to any flags SF/SFRA
> block in log quick on $ext_if proto tcp from any to any flags SR/SR
> block in log quick on $ext_if proto tcp from any to any flags FUP/FUP
> block in log quick on $ext_if proto tcp from any to any flags FUP/SFRAUPEW
> block in log quick on $ext_if proto tcp from any to any flags SFRAU/SFRAU
> block in log quick on $ext_if proto tcp from any to any flags SFRAUP/SFRAUP 
> 
> Is this configuration not covered with 
> 
> set	block-policy	drop 
yes, but different ;)

> Or is there some merit to explicitly filtering every flag combination?

that's what this does. However, it is stupid.
-- 
Henning Brauer, BS Web Services, http://bsws.de
[email protected] - [email protected]
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
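
An added illustration, not part of the original message or of pf itself: it applies the `flags a/b` test documented in pf.conf(5) (of the flags listed in `b`, exactly those in `a` must be set) to the quoted specs, in order, to show which spec a given packet hits first and which specs can never be the first hit. The function names are hypothetical, the sample packets are constructed, and only the flags test is modelled; interface, direction and state tracking are ignored.

```python
# Added example: evaluate the quoted pf "flags a/b" specs against TCP flag sets.
# Assumption: only the flags comparison is modelled, nothing else in the rule.

FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}

# Flag specs copied from the quoted rules, in their original order.
QUOTED_SPECS = ["/S", "/SFRA", "/SFRAU", "A/A", "F/SFRA", "U/SFRAU",
                "SF/SF", "SF/SFRA", "SR/SR", "FUP/FUP", "FUP/SFRAUPEW",
                "SFRAU/SFRAU", "SFRAUP/SFRAUP"]


def to_bits(letters):
    """Turn a string such as 'SA' into a TCP flags bitmask."""
    bits = 0
    for ch in letters:
        if ch not in FLAG_BITS:
            raise ValueError(f"unknown TCP flag letter: {ch!r}")
        bits |= FLAG_BITS[ch]
    return bits


def parse_spec(spec):
    """Parse 'a/b' into (want_bits, mask_bits); an empty 'a' means none set."""
    want, sep, mask = spec.partition("/")
    if not sep or not mask:
        raise ValueError(f"expected a/b form: {spec!r}")
    return to_bits(want), to_bits(mask)


def first_match_bits(flags, specs=QUOTED_SPECS):
    """First spec whose test (flags & b) == a holds, or None."""
    for spec in specs:
        want, mask = parse_spec(spec)
        if (flags & mask) == want:
            return spec
    return None


def first_match(letters, specs=QUOTED_SPECS):
    """Same as first_match_bits, taking flag letters such as 'SA'."""
    return first_match_bits(to_bits(letters), specs)


def shadowed(specs=QUOTED_SPECS):
    """Specs that are never the first hit for any of the 256 flag sets."""
    hit = {first_match_bits(f, specs) for f in range(256)}
    return [s for s in specs if s not in hit]


if __name__ == "__main__":
    # Constructed samples: handshake, data, teardown and odd combinations.
    for pkt in ["S", "SA", "A", "PA", "FA", "R", "", "FUP", "SF"]:
        print(f"{pkt or '(none)':7} -> {first_match(pkt)}")
    print("never first:", shadowed())
```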