
pf rules



I've read all the pf documentation I've found, but I still have a little
question...

If I put the rule "block in on $ext_if all" at the top of my ruleset,
"block return-rst in on $ext_if proto tcp all" is not necessary,
is it?

AFAIK the first rule does the same thing as the second one, it just doesn't
send a reply to the host sending the TCP packets, so what's the
advantage of having the second rule after the first one? (as suggested
in the pf.conf manual page)

BTW, I read that return-rst caused a kernel panic in some situations; has
this been fixed in -stable, or is it still safer not to use it?

-- 

    Shiva

  "Better true to yourself
Than a perfect shadow
       Of somebody else
     An empty shell"

(MrBig, My new religion)
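A pf.conf fragment, added here as an illustration of the two rules discussed in the post and not taken from the original message or from the pf documentation (the interface name fxp0 and the port numbers are assumptions). It shows why the second rule is kept after the first: without the "quick" keyword, pf evaluates every rule and the last matching one wins, so the later, narrower "proto tcp" rule refines the catch-all block for TCP only, and blocked TCP connection attempts are refused with a RST instead of being silently dropped. That makes blocked ports look closed rather than filtered, so remote clients (for example ident/auth lookups done by mail or IRC servers) fail immediately instead of hanging until their connection attempt times out.

```pf
# Example pf.conf (old-style syntax, contemporary with "return-rst";
# newer pf spells the same thing "block return"). Assumed interface: fxp0.
ext_if = "fxp0"

# 1. Catch-all: silently drop everything coming in on the external
#    interface. Packets that match nothing later in the ruleset end here.
block in on $ext_if all

# 2. Refinement for TCP only. This rule is later and more specific, and
#    pf's last-matching-rule-wins evaluation means it overrides rule 1
#    for TCP: blocked SYNs get a RST back instead of vanishing, so the
#    remote side sees "connection refused" at once rather than timing out.
#    Non-TCP traffic is unaffected and still falls through to rule 1.
block return-rst in on $ext_if proto tcp all

# (Optional) the UDP counterpart: answer blocked UDP with ICMP unreachable.
# block return-icmp in on $ext_if proto udp all

# 3. Whatever you actually want to allow is matched last, so it wins.
#    Assumed services: ssh (22) and smtp (25).
pass in on $ext_if proto tcp from any to $ext_if port { 22, 25 } keep state

# Let locally initiated connections out and keep state for their replies.
pass out on $ext_if all keep state
```

Check the result with "pfctl -nf /etc/pf.conf" (parse only) before loading it, and "pfctl -sr" afterwards to confirm the rule order is what pf actually sees. Dropping rule 2 is harmless for security, since rule 1 already blocks the traffic; the difference is only whether the sender learns that the port is closed right away.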