Suggest using just finrst in the dial filter, and not syn.

Submitted by:	Ruslan Ermilov <ru@FreeBSD.org>
This commit is contained in:
brian 1999-09-16 18:52:46 +00:00
parent 46ca602b1a
commit f051cabc36

View File

@ -224,9 +224,9 @@ dodgy:
set filter dial 0 deny icmp
set filter dial 1 permit 0 0
#
# or any TCP SYN or RST packets (badly closed TCP channels):
# or any TCP FIN or RST packets (badly closed TCP channels):
#
set filter dial 2 deny 0 0 tcp syn finrst
set filter dial 2 deny 0 0 tcp finrst
#
# Once the line's up, allow connections for ident (113), telnet (23),
# ftp (20 & 21), DNS (53), my place of work (192.244.191.0/24),