Re: pf rules

看板FB_security作者時間16年前 (2010/01/23 02:32), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串11/11 (看更多)
thanks... i was under the impression that if you have everything blocked the initial syn request will be ignored. it doesn't make sense otherwise.... Jason V. Miller wrote: > Others have already given some good feedback (and asked some good > questions), but: > > >> pass out all keep state >> > > You're allowing out the initial TCP SYN, and creating a state entry for the > connection here. You should be able to make outgoing connections anywhere > with this rule. > > Once a state entry gets created, the state table will match on the traffic > for the session, and the rules list won't have to be evaluated. > > J. > > _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 kalin. 的文章
文章代碼(AID): #1BMUycBx (FB_security)
更多 kalin. 的文章
文章代碼(AID): #1BMUycBx (FB_security)